JP2003091420A - Program for update, device program and program update supporting method - Google Patents

Abstract

(57) [Summary] [Problem] To download a class in a short time and improve operability. SOLUTION: When updating an old version applet held by a client device 20 to a latest version applet in a server device 10, instead of updating all class files, only an old version class file CF is updated. I do. At this time, the old version of the class is updated by executing the update applet AP.

Description

Detailed Description of the Invention

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to an update program, an apparatus program and a program update support method for updating an old version application program held in a client apparatus to a latest version application program in a server apparatus.

[0002]

2. Description of the Related Art A Java (registered trademark) applet (hereinafter referred to as an applet) composed of a plurality of classes is distributed from a server device to a client device via a network such as the Internet or a LAN, and a web browser of the client device is provided. It is operable on.

There are two types of applet distribution modes. The first distribution form is a system in which every class of the applet is downloaded from the Web server every time the applet is used. The second distribution form is a system in which some or all classes required by the applet are arranged in advance on the client device.

[0004]

However, each of the above distribution forms has the following problems. In the first distribution form, since all classes are downloaded,
It takes a long time to download a class when the class size is large, the network line is congested, or a low speed line such as a telephone line is used. For this reason, network charges are high, and
Operability is low.

On the other hand, in the second distribution mode, since the user arranges the necessary classes in advance, every time the applet is changed,
The user is burdened with the troublesome task of replacing classes.

The present invention has been made in consideration of the above circumstances, and an object of the present invention is to provide an updating program, a device program, and a program updating support method capable of downloading a class in a short time and improving operability. .

Another object of the present invention is to provide an update program, a device program and a program update support method which can eliminate the trouble of the user.

[0008]

According to a first aspect of the present invention, an application program including a class file including an old version of a class file held by a client device and an application program including a latest version of each class file in a server device are provided. A method for supporting a program update for supporting the update of only the old version of the class file when the update is performed, wherein the server apparatus requests at least "self-operation" by the request from the client apparatus. A procedure for determining whether the version of the device class file is the latest version and a procedure for requesting the server device to send the latest version of the class file based on the result of the determination are stored in advance. Update program and this update program Reading a digital signature stored in advance for the RAM, and transmitting the update program and the digital signature to the client device, wherein the digital signature is a public key certificate stored in advance in the client device. It is a program update support method in which the program for update can be executed after the user is authenticated and the authentication result is confirmed.

As described above, when updating the old version of the application program held by the client device to the latest version of the application program in the server device, instead of updating all the class files, only the old version of the class file is updated. Since you can update the class, you can download the class in a short time and improve the operability. Moreover, since the old version of the class is updated by executing the update program, the user's trouble can be eliminated.

A second aspect of the present invention is to update an application program made up of each class file including an old version of the class file held by the client device into an application program made up of the latest version of each class file in the server device. An update program for updating only the old version of the class file, the computer of the client device, means for detecting a class file held by itself,
A means for checking the version of the detected class file and determining whether this version matches the latest version, and when the result of the determination is that the version does not match the latest version, the transmission of the class file of the latest version is performed. Means for requesting a server device, means for updating the class file of the old version to the class file of the latest version when the class file of the latest version is received from the server device, and a log including the update date and time when the update is completed It is an update program for functioning as means for notifying information to a server device.

Since the contents of the updating program are defined in this way, the same operation as the first aspect of the invention can be easily and reliably achieved.

Each of the above inventions may be expressed as, for example, a device program related to the operation of the client device or a device program related to the operation of the server device. It may also be expressed as a program update system including a client device, a server device, or both.

[0013]

BEST MODE FOR CARRYING OUT THE INVENTION An embodiment of the present invention will be described below with reference to the drawings. In the following description, the client device is a personal computer PC as an example, but the present invention is not limited to this, and the client device is a mobile phone (eg, a model that can use a (simplified version) browser). May be.

FIG. 1 is a schematic diagram showing a configuration of a client server system to which a program update support method according to an embodiment of the present invention is applied. In this system, a server device 10 and a client device 20 are connected to each other via a network 30 such as a LAN cable or a telephone line. Note that each of the devices 10 and 20 may be implemented as either hardware and / or software. Also, when implemented as software, a program describing the processing procedure of each device 10, 20 is installed in advance in the computer of each device 10, 20.

The server device 10 includes a file storage unit 11,
The communication function unit 12, the class file distribution function unit 13, and the log collection function unit 14 are provided. File storage unit 11
Stores an applet (with signature sig) AP, each class file CF, a log file LF, and the like so as to be readable / writable from each of the functional units 12 to 14.

The applet AP is for distributing the client device and is a program for updating the class in the client device, and therefore will be described when the client device 20 is described.

Each class file CF is for distribution to a client device, and as shown in FIG. 2, is composed of a plurality of classes c1, c2, ..., C5 ,. Any of c5, ... Is a version management class cv. The version management class cv describes a set of system name and version. In addition,
The term "version" means "the version of the system indicated by the system name", but since the system is realized by the class file CF, it may be read as the version of the class file CF.

The log file LF, as shown in FIG.
Log information Ld1, Ld2, ... That the class file CF has been updated in the client device 20 is stored in chronological order. Each piece of log information Ld is composed of a set of update date and time (for example, 2000/12/15 13:50), a system name realized by the class, a system version, and a system user name. The log file LF is not limited to the configuration stored in the server device 10, and may be configured to be stored in another server device (not shown).

The communication function unit 12 includes a client device 20.
It can be realized by an ordinary Web server for communicating with, and communication processing can be executed in cooperation with the file storage unit 11 and the respective functions 13 and 14.

The class file distribution function unit 13 searches the file storage unit 11 based on the latest file request received from the client device 20, and sends the obtained class file CF to the client device 20 via the communication function unit 12. It has a function to do.

The log collection function unit 14 has a function of writing the log information received from the client device 20 into the log file LF in the file storage unit 11, and after writing, finishes writing the log information in the client device 20. It has a function to notify. Here, the log collection function unit 14 is used by the server device 1
CGI (common
It can be realized by programs such as gateway interface) and servlets.

On the other hand, as shown in FIG. 1, the client device 20 includes a file storage unit 21, a communication function unit 22, an applet authentication function unit 23, an access control function unit 24, and an applet activation function unit 25. Here, the file storage unit 21 is readable / writable by the respective functional units 22 to 25 and P1 to P5, and has an applet AP and each class file C.
F, the authentication information file ADF, and the access control file ACF are stored.

The applet AP is a program for downloading the latest version of the class file CF from the server device 10 and updating it. Specifically, a digital signature sig for authentication is added, and together with the signature sig. The signature is downloaded from the server device 10 to the client device 20 and signed by the applet authentication function unit 23.
When used for g authentication and activated by the applet activation function unit 25, the class detection function unit P1, the version check function unit P2, the latest class acquisition function unit P3, the class writing function unit P4, and the log notification function unit P5. Is realized.

The class detection function unit P1 is an applet AP.
On the other hand, it has a function of determining the presence or absence of the class file CF in the file storage unit 21 within the range of the preset rule set R1 and activating the version check function unit P2 when the class file CF exists.

When the class check function unit P1 is activated, the version check function unit P2 is activated by the client device 20.
Version control class cv in the class file CF of
To check the version of the class file CF concerned, and the checked version and the page response contents before applet distribution in advance.
It has a function of comparing with the version of the class file CF of 0 and activating the latest class acquisition function unit P3 when the class file CF of the client device 20 is an older version.

The latest class acquisition function unit P3, when activated by the version checking function unit P2, sends the latest file request to the server device 10 via the communication function unit 22.

The class writing function unit P4 is used by the server device 10
A function of writing the latest version of the class file CF received from the file storage unit 21 to update the class file CF and a log notification function unit P5 of log information related to the update.
It has the function of sending to.

Upon receiving the log information from the class writing function unit P4, the log notification function unit P5 has a function of transmitting this log information to the server device 10 via the communication function unit 22, and a writing end from the server device 10. When it receives the notification of, the process of updating the class file CF is finished.

Each class file CF is the above-mentioned class file CF downloaded from the server device 10 and stored therein, and each class file CF is individually upgraded.

The authentication information file ADF is stored in the server device 1
A public key certificate Cert for authenticating the applet AP downloaded from 0 is prepared for each signature sig of the applet AP, and a plurality of public key certificates Cert1, Ce
It is composed of rt2, ... The signature sig of the applet AP can be verified using the public key of the corresponding public key certificate Cert1.

The access control file ACF has a plurality of rule sets R1, R2, ... As shown in FIG. Each rule set R1, R2, ... Includes "name of public key certificate (identification information)", "download source of applet (URL of server device)", and "rules that allow applet to access resource". ] Is described. It should be noted that access to resources means, for example, access to the file storage unit 21 and communication to the server device 10.
When F is stored in another server device (not shown), it also means communication with the other server device.

The communication function unit 22 is used by the client device 20.
It is realized by a Web browser installed in advance. When activated by the applet activation function unit 25, the applet authentication function unit 23 determines the presence or absence of the signature sig of the applet, and if the signature sig is present, the file storage unit 21.
The authentication information file ADF in the file is searched to determine whether or not there is, for example, the first public key certificate Cert1 corresponding to the signature sig,
If there is a public key certificate Cert1, this public key certificate Cert
1 and the applet AP are used to authenticate the signature sig, and the signature sig
When ig is valid, it has a function of transmitting the name of the public key certificate Cert1 to the access control function unit 24.

The authentication is not limited to the confirmation by decrypting the digital signature sig, and the server device 10 may be confirmed (for example, the name of the download source of the applet AP) instead of the confirmation of the signature sig. . Alternatively, both the confirmation of the digital signature sig and the confirmation of the server device 10 may be performed. The access control function unit 24 searches the access control file ACF on the basis of the name of the public key certificate Cert1 received from the applet authentication function unit 23, and the rule set R corresponding to the name of the public key certificate cert1 and the download source. It has a function of determining the presence or absence of a rule and a function of limiting access to resources in the applet AP based on the rule set R when the rule set R exists as a result of the determination.

When the applet activation function unit 25 receives the applet AP from the server device 10 via the communication function unit 22, it activates the applet authentication function unit 23 to authenticate the applet AP, and when the authentication result shows validity. , The access control function unit 24 is activated and the access control rule set Ri (i is arbitrary) is specified, and then the applet A
It starts P.

Next, the operation of the client / server system configured as described above will be described with reference to FIGS. First, as shown in FIGS. 5 and 6, the client device 20 transmits a page request to the server device 10 via the communication function unit 22 when the class is used (S1).
The page request is a request for distribution of a class update page for receiving distribution of the class update applet AP.

In the server device 10, based on this page request, the communication function unit 12 returns a class update page as a page response to the client device 20 (S2). Here, the class update page includes the (latest) version of the class in the server device 10 and the request information (eg, identification information, etc.) of the class update applet AP for each class to be updated. .

In the client device 20, the communication function unit 22 sends an applet request to the server device 10 based on this class update page (S3).

On the basis of this applet request, the server device 10 causes the applet A in the file storage unit 11 to
P and signature sig are transmitted to the client device 20 (S
4). In the client device 20, when the communication function unit 22 receives the applet AP and the signature sig, the applet activation function unit 25 activates the applet AP (S5).

However, from the viewpoint of maintaining the security of its own resource, the client device 20 needs to allow only the authenticated applet to access the resource within the range of a predetermined access control rule.

Therefore, the client device 20 executes the authentication of the applet AP during the activation process of the applet AP (S5). For example, as shown in FIG. 7, the applet authentication function unit 23 determines the presence or absence of the signature sig of the applet AP (S5-1), and if there is no signature sig, ends in error, but if there is a signature sig, the file storage unit The authentication information file ADF in 21 is searched to determine whether there is, for example, the first public key certificate Cert1 corresponding to the signature sig (S5).
-2).

Here, if the public key certificate Cert1 does not exist, the process ends with an error. If the public key certificate Cert1 does exist, the signature si is signed using the public key certificate Cert1 and the applet AP.
When g is authenticated and, as a result of the authentication, the signature sig is valid, the access control function unit 24 searches the access control file ACF, and the name and download source (server device 10) of the public key certificate cert1 are searched. For example, the presence or absence of the corresponding first rule set R1 is determined (S5-3).

If the rule set R1 does not exist, the process ends with an error. If the rule set R1 exists, the applet AP can access the resource within the range permitted by the rule set R1 (S5-4). In addition, although not particularly stated,
The following processing of the applet AP is executed within the range permitted by the rule set R1.

Next, as shown in FIGS. 5 and 6, the applet AP determines the presence / absence of the class file CF in the file storage unit 21 of the client device 20 by the class detection function unit P1 (S6).

If the class file CF exists, the version checking function unit P2 of the applet AP accesses the version management class cv in the class file CF to check the version of the class file CF (S7).

For example, the class file CF in the server device 10 is version "2", and the client device 2
It is assumed that the class file CF of 0 is version “1”. In this case, since the version of the class file CF of the client device 20 is older than that of the class file CF of the server device 10, the applet AP performs the process of upgrading the class file CF of the old version in the file storage unit 21. Transition.

First, the latest class acquisition function unit P3 of the applet AP sends the latest file request to the server device 10 so as to send the latest version of the class file CF (S8).

In the server device 10, the class file distribution function unit 13 sends the latest version of the class file CF in the file storage unit 11 to the client device 20 based on the latest file request (S9).

Next, the class writing function unit P4 of the applet AP receives the class file CF received from the server device 10.
Is written in a predetermined position of the client device 20 (S1
0).

The predetermined position is, for example, the client device 2
In the file storage unit 21 of 0, the hierarchical path "C: \ jav
It is the place indicated by "a \ kaikei.jar". In addition, "kaik
“Ei.jar” is the “name of the class file CF”.

Next, the log notification function part P of the applet AP
5 is log information Ld indicating that the class file CF has been updated
Is transmitted to the server device 10 (S11).

The log collection function unit 14 of the server device 10
The received log information Ld is written in the log file LF in the file storage unit 11 (S12).

After that, the log collecting function unit 14 notifies the client device 20 of the end of writing the log information Ld (S13).

The log notification function part P5 of the applet AP is
Upon receiving the completion of writing, the process of upgrading the class file CF is completed. Hereinafter, the client device 20 can execute processing based on the upgraded class file CF.

As described above, according to this embodiment, when updating an old version applet held by the client device 20 to the latest version applet in the server device 10, not updating all the class files. Since only the old version of the class file CF is updated, the class can be downloaded in a short time and the operability can be improved. Also, since the old version of the class is updated by executing the update applet AP, the user's trouble can be eliminated.

Further, the log file LF is sent to the server device 10
When storing in another server device (not shown) other than the above, the log management load on the server device 10 can be eliminated.

Further, in the case where the form of authenticating the applet AP includes the confirmation of the server device in addition to the confirmation of the digital signature, the reliability can be further improved.

From the viewpoint of confirming the communication partner, the client device 20 preferably authenticates the server device 10 not only when authenticating the applet AP but also when communicating with the server device 10. For the authentication of the server device 10, a method using a public key certificate can be used.

On the other hand, when the communication from the client device 20 occurs, the server device 10 causes the client device 1 to
It is preferable to authenticate 0 users and confirm whether the user or the client device 20 has the authority to use the class file CF. For user authentication, a method using an ID and password or a method using a public key certificate can be used.

Although not particularly described in this embodiment, it is preferable to encrypt communication between the client device 20 and the server device 10 when updating a class for which confidentiality is required. For encryption of communication, for example, SH
TTP (secure-hypertext transfer protocol) or SS
L (secure sockets layer) and the like can be used.

Although it has been described that the version management class cv corresponds to the version of the class file CF,
The configuration is not limited to this, and the version management class cv or the server device 10 may manage the versions of the classes c1, c2 ,. In this case, the class file CF
Instead of downloading and updating each class c1, c
It is possible to realize downloading and updating for each 2, ..., Further shortening the download time.

The method described in each of the above embodiments is
As a program that can be executed by a computer, a magnetic disk (floppy (registered trademark) disk,
Hard disk, etc., Optical disk (CD-ROM, D
It can be stored in a storage medium such as a VD), a magneto-optical disk (MO), a semiconductor memory or the like and distributed.

The storage medium may have any storage format as long as it can store the program and can be read by a computer.

An OS (Operating System) running on the computer based on the instructions of the program installed in the computer from the storage medium,
MW such as database management software and network software
(Middleware) or the like may execute a part of each processing for realizing the present embodiment.

Further, the storage medium in the present invention is not limited to a medium independent of a computer, but includes a storage medium in which a program transmitted via a LAN, the Internet or the like is downloaded and stored or temporarily stored.

Further, the number of storage media is not limited to one, and a case in which the processing in this embodiment is executed from a plurality of media is also included in the storage media in the present invention, and the medium configuration may be any configuration.

The computer according to the present invention executes each processing in the present embodiment based on the program stored in the storage medium, and a device such as a personal computer or a plurality of devices are connected to the network. It may have any configuration such as an established system.

The computer in the present invention means
Not only a personal computer but also an arithmetic processing unit, a microcomputer, and the like included in an information processing device, which collectively refer to a device and a device that can realize the functions of the present invention by a program.

The invention of the present application is not limited to the above-described embodiments, and can be variously modified at the stage of implementation without departing from the spirit of the invention. In addition, the respective embodiments may be implemented by being combined appropriately as far as possible, in which case the combined effects can be obtained. Further, the above-described embodiments include inventions at various stages, and various inventions can be extracted by appropriately combining a plurality of disclosed constituent requirements. For example, when the invention is extracted by omitting some of the constituent elements shown in the embodiment, when omitting the extracted invention, the omitted portions are appropriately supplemented by well-known and common techniques. It is something that will be done.

Besides, the present invention can be variously modified and implemented without departing from the gist thereof.

[0070]

As described above, according to the present invention, the class can be downloaded in a short time and the operability can be improved. In addition, the trouble of the user can be eliminated.

[Brief description of drawings]

FIG. 1 is a schematic diagram showing a configuration of a client server system to which a program update support method according to an embodiment of the present invention is applied.

FIG. 2 is a schematic diagram showing a configuration of a class file in the same embodiment.

FIG. 3 is a schematic diagram showing a configuration of a log file in the same embodiment.

FIG. 4 is a schematic diagram showing a configuration of an access control file in the same embodiment.

FIG. 5 is a sequence diagram for explaining an operation in the same embodiment.

FIG. 6 is a schematic diagram for explaining an operation in the same embodiment.

FIG. 7 is a schematic diagram for explaining an operation in the same embodiment.

[Explanation of symbols]

10 ... Server device 11, 21 ... File storage section 12, 22 ... Communication function section 13 ... Class file distribution function section 14 ... Log collection function section 20 ... Client device 23 ... Applet authentication function section 24 ... Access control function unit 25 ... Applet startup function section 30 ... Network AP ... Applet P1 ... Class detection function P2 ... Version inspection function unit P3 ... Latest class acquisition function P4 ... Class writing function P5 ... Log notification function section sig ... Signature CF ... Class file c1-c5 ... Class cv ... Version management class LF ... log file Ld1 to Ld3 ... log information ADF ... Authentication information file Cert1, Cert2 ... Public key certificate ACF ... Access control file

   ─────────────────────────────────────────────────── ─── Continued front page    F term (reference) 5B076 AC01 AC03 AC05 BA05 BB06                       BB13 EA18 EA20 FA00 FA13                       FB01 FB02

Claims (7)

[Claims] 1. When updating an application program made up of each class file containing an old version of a class file held by a client device to an application program made up of the latest version of each class file in a server device, An updating program for updating only a class file, the computer of the client device, means for detecting a class file held by itself, checking the version of the detected class file, this version is the latest version Means for determining whether they match, when the result of the determination does not match the latest version, means for requesting the server device to transmit the class file of the latest version, class of the latest version from the server device Receiving a file, updating the old version class file to the latest version class file; and, when the update is completed, notifying the server device of log information including the update date and time. For programs. 2. When updating an application program made up of each class file containing an old version of a class file held by a client device into an application program made up of the latest version of each class file in the server device, the old version A program update method for updating only a class file, which is a device program used for the client device, wherein the computer of the client device, the update program in which the update procedure is described for the server device And means for requesting transmission of a digital signature for the update program, when the update program and the digital signature are received from the server device, the digital signature is authenticated using a public key certificate held in advance, and the authentication result is valid. sex , A device program for functioning as means for executing the update program, means for giving access permission to a predetermined resource in relation to the execution of the update program. 3. When updating an application program made up of each class file containing an old version of a class file held by a client device into an application program made up of the latest version of each class file in the server device, A program update method for updating only a class file, which is a device program used in the server device, wherein a computer of the server device is configured to update the update program in which the update procedure is described and the update program. Means for storing a digital signature in advance; means for transmitting the update program and the digital signature to the client apparatus in response to a request from the client device; and, upon completion of the update by executing the update program, When the client device is notified log information including the update date and time, device program for causing a device function as, for recording the log information. 4. When updating an application program made up of each class file containing an old version of a class file held by a client device into an application program made up of the latest version of each class file in a server device, A program update support method for supporting update of only a class file, wherein the server device requests at least "the version of the class file of the device is the latest version" as a procedure of the update in response to a request from the client device. In the pre-stored update program and this update program, "procedure for determining whether or not" and "procedure for requesting the server device to transmit the latest version of the class file based on the result of the determination" are described. Prestored against A step of reading the digital signature and transmitting the update program and the digital signature to the client device, wherein the digital signature is authenticated using a public key certificate stored in advance in the client device, and the authentication result is displayed. A program update support method characterized in that the program for update can be executed after confirmation. 5. The program update support method according to claim 4, wherein the server device records the log information transmitted including the update date and time from the client device at the time of completion of the update by executing the update program, and the latest version. A program update support method, which is a device different from a server device having a version application program. 6. The program update support method according to claim 4, wherein communication between the client device and the server device is encrypted. 7. The program update support method according to claim 4, wherein the authentication includes confirmation of the server device in addition to confirmation of the digital signature.