JP2002281021A - Distributed data management system using network - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide a distributed data management system using a network, capable of remarkably strengthening security only by slightly increasing data processing cost or the like. SOLUTION: An accepting computer 1 inserts section number data in constituted of an acceptance number and a data order number into the designated position of each data section Din of data Di to be managed, doubly enciphers the data by an individual and common decipherment method, and stores the data in a storage computer CPUn selected at random from among storage computers 3-1, to 3-k connected to a network. In requesting data restoration, the respective doubly enciphered data sections acquired based on information related with a time stamp Ti and the storage computer CPUn are restored based on information related with the common and individual encipherment method, and the section number data are extracted based on the section number data extracted from the designated position of the respective data sections, and the respective data sections are rearranged so that data Di to be managed can be restored.

Description

DETAILED DESCRIPTION OF THE INVENTION

[0001]

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a system for distributing and managing data using a plurality of computers connected to a network.

[0002]

2. Description of the Related Art In recent years, services using a plurality of computers connected to a network, such as electronic commerce and online banking, have been increasing. In such a service, a plurality of computers connected to a network connect various data including data of a personal identification number assigned to an authorized user and data generated by using the service (personal data, use history data, etc.). Is transmitted and received between Therefore, for data such as personal identification number data requiring security (confidentiality protection), extremely sophisticated protection measures should be taken so as not to be stolen by a third party during transmission / reception or stored in a computer. Need to take.

As a protection measure for data requiring security, for example, there is a data encryption technique. In the case of using data encryption technology, a method of storing the entire data to be protected in one computer and encrypting the entire data to be protected using an encryption method that follows one logical rule has been conventionally used. Commonly used. At this time, in order to increase the security strength, the data to be protected may be divided into a plurality of data pieces and then encrypted, or the encryption technique to be used may be changed every predetermined time.

[0004]

In order to increase the security strength by using an encryption technique, one data is encrypted a plurality of times, or the encryption technique to be used is changed in time / space. In such a case, it is difficult to restore (decrypt) the data, so that the security strength is improved. Therefore, practicality is hindered. In addition, when a complicated encryption technique is applied to a service that requires real-time properties such as online banking, the processing time is increased and the service to the user is reduced.

An object of the present invention is to provide a data distribution management system using a network which can remarkably enhance the security strength by slightly increasing the time and cost required for data processing.

[0006]

According to a first aspect of the present invention, in order to achieve the above object, when a plurality of computers connected to a network are used to manage data in a distributed manner, the plurality of computers are connected to each other. A configuration in which one reception computer and at least two storage computers are provided, wherein the reception computer assigns a single reception number (i) to the received managed data (D); A step of dividing the data to be managed (Di) after the assignment into a plurality of n data sections (Din) having an arbitrary data length, and the reception number and the data at a designated position of each of the divided data sections (Din) Inserting section number data (in) consisting of sequential numbers and randomly selecting each data section (D'in) after inserting section number data from a plurality of preset encryption methods Individual encryption methods
(Cn), and encrypting each data section (D''in) after encrypting, respectively, a step of storing in a storage computer (CPUn) randomly selected from the storage computer, Information for specifying each data section (Din) constituting the management target data (Di) and information on the encryption method (Cn) corresponding to each data section (Din) and the storage computer (CPUn) of the storage destination are stored. By sequentially executing the steps of storing the data in the reception computer, and performing a data distributed storage process, and at the time of a data restoration request for the management target data (Di), the reception computer executes the management target data (Di). For specifying each data section (Din) that constitutes the data section and the storage computer (CPU
n) each data section after encryption based on the information about (n)
in) and the obtained data intercept
(D''in) is restored based on the corresponding encryption method (Cn), and the section number data (in) inserted at the designated position of each data section (D'in) after restoration is The data restoration process is performed by sequentially performing a step of extracting and a step of rearranging each data section (Din) after extracting the section number data based on the extracted section number data (in). .

According to a second aspect of the present invention, a designated position for inserting the section number data into each of the divided data sections is randomly determined for each data section.
The information on the determined designated position is stored in the reception computer in association with the data section.

According to a third aspect of the present invention, the specified position is a data length of the data segment and two of hour, minute, and second constituting the division processing time of the data segment. It is characterized in that it is determined by referring to a preset three-dimensional map based on two parameters represented by different combinations of elements.

According to a fourth aspect of the present invention, the minimum data length of each data segment after the division is 2 bytes.

A fifth aspect of the present invention is characterized in that the receiving computer also serves as one of the storage computers.

In the first invention, the reception computer, which is one of the plurality of computers connected to the network, assigns a single reception number (i) to the received management target data (D), Dividing the management target data (Di) into a plurality of n data sections (Din) having an arbitrary data length,
At the designated position of each data section (Din) after division, section number data (in) consisting of the reception number and data sequence number respectively
And insert each data section (D'in) after inserting the section number data.
Each is encrypted using an individual encryption method (Cn) selected at random from a plurality of encryption methods set in advance, and each data section (D''in) after encryption is described above. A storage computer (C
PUn), information for designating each data section (Din) constituting the data to be managed (Di), and storage of the encryption method (Cn) and storage location corresponding to each data section (Din) By storing information on the computer (CPUn) in each of the reception computers, while performing data distributed storage processing, the management target data (Di)
At the time of a data restoration request to the management target data (D
Each of the encrypted data sections (D ') based on information for designating each data section (Din) constituting the i) and information on the storage computer (CPUn) at the storage destination corresponding to each data section (Din). 'in), restore each of the acquired data sections (D'' in) based on the corresponding encryption method (Cn), and place them in the designated positions of the restored data sections (D'in). Data restoration processing is performed by extracting the inserted section number data (in) and rearranging the data sections (Din) after the extraction of the section number data based on the extracted section number data (in).

In the above, the segment number data (i) used for rearranging each data segment (Din) during the data restoration process
Since (n) is inserted into each data section (Din) itself, data that is irrelevant to the original data is added to each data section, so it is notified that the section number data (in) has been inserted. Even if a third party illegally obtains the data section, it is extremely difficult to restore the original data. Even if one piece of data can be obtained, in order to obtain all data pieces constituting the data to be managed (Di), first specify each data piece constituting the data to be managed (Di). To obtain the location of all data sections, and then to obtain each data section from all storage computers (CPUn) that are the storage destinations. Obtaining data sections is extremely difficult. Even if all data sections can be obtained, if the section number data (in) is removed from each data section (Din) and then rearranged based on the section number data (in), the management target data Since (Di) cannot be restored, it is extremely difficult to restore the management target data (Di). Therefore, it is possible to provide a data distribution management system using a network that can remarkably enhance the security strength by slightly increasing the time and cost required for data processing.

According to the second invention, a designated position for inserting the section number data into each of the divided data sections (Din) is randomly determined for each data section, and information about the determined designated position is determined. Is stored in the reception computer in association with the data section, even if a third party who knows that the section number data (in) is inserted illegally obtains the data section, the section number data Since it is not possible to know where the section number data (in) is inserted in the data section unless the information on the designated position for inserting the data is also obtained, it is extremely difficult to restore the original data. Yes, security strength is further enhanced.

According to the third aspect, the specified position is a different combination of the data length of the data segment and the hour, minute, and second elements constituting the division processing time of the data segment. Is determined by referring to a preset three-dimensional map based on the two parameters represented by the following formulas. Therefore, when determining the designated position, it is possible to use the three-dimensional map instead of using a random number. This eliminates the need for a random number generator for determining the designated position.

According to the fourth aspect, since the minimum data length of each data segment after the division is 2 bytes, there are three types of designated positions: the head of each data segment, the middle, and the end of each data segment. Can be selected, and the security strength is enhanced as compared with the case where the minimum data length is 1 byte.

According to the fifth invention, since the receiving computer also serves as one of the storage computers, the data of the present invention can be used in a network having a minimum configuration including one receiving computer and storage computer and one storage computer. The distributed management method can be applied, and the system configuration cost can be reduced.

[0017]

Embodiments of the present invention will be described below in detail with reference to the drawings. FIG. 1 is a diagram showing a configuration of a network used for implementing the data distribution management method according to the first embodiment of the present invention. As shown in FIG. 1, a network used for implementing the data distribution management method of the present embodiment is as follows.
It comprises a reception computer 1 and a plurality of k storage computers 3-1, 3-2,..., 3-k connected to the reception computer 1 via a network 2. It is preferable that the receiving computer 1 and the storage computers 3-1, 3-2,..., 3-k be installed at different installation locations as far as possible from the viewpoint of data distribution.

As the reception computer 1 and the storage computers 3-1, 3-2,..., 3-k, various computers such as a general-purpose large computer, a workstation, and a personal computer can be used.
In order to reduce the system configuration cost, the reception computer 1 can also be used as one of the storage computers. In this case, the minimum configuration of the network is one reception computer and storage computer 1 And one storage computer 3 for a total of two computers.

As the network 2, any network can be used as long as it can connect a plurality of computers. For example, any one of LAN, WAN, Internet, and dedicated line connection can be used. .

Next, the data distribution management including the data distribution storage processing and the data restoration processing in the present embodiment will be described.
This will be described with reference to FIGS. [Data Distributed Storage Processing] FIG. 2 is a flowchart showing a data distributed storage processing program executed by the receiving computer in the first embodiment. In FIG.
First, in step 51, it is checked whether or not the management target data has been received. Only when the management target data has been received, in the next step 52, as shown in FIG. A single reception number i
Is given. As the single reception number i, for example, a “sequential number in reception order” may be used.

In the next step 53, as illustrated in FIG. 3B, the total data length (total number of bytes) of the management target data Di after the reception number is assigned is counted. Then step 5
In step 4, the data division number n and the data length (number of bytes) of each data segment after division are determined using random numbers. In this case, the minimum value of the data division number n is set to 2 in order to make the insertion pattern of the section number data described later into three patterns. Therefore, it is desirable to set the data division number n to 3 or more from the viewpoint of data distribution.
Then, in the next step 55, as illustrated in FIG. 3C, the management target data Di is converted into a plurality of n data segments Di having a data length (number of bytes) according to the determination in step 54.
Divide into 1, Di2, Di3, ..., Din. As a result of this division, the management target data Di that is the original data does not remain in the reception computer 1.

In the next step 56, a designated position for inserting section number data to be described later into each data section after division is randomly determined for each data section. The designated position is determined using, for example, a random number from 1 to 3, when 1 is selected, the designated position is set at the head of the data segment, and when 2 is selected, the designated position is set at 3 positions from the beginning of the data segment. , 4
When the number 3 is selected, the designated position is assumed to be the end of the data segment. In the above,
Although the designated position for inserting the segment number data is determined for each data segment, a common position (for example, immediately after the second byte from the beginning) may be used for each data segment.
In such a case, sufficient security strength can be obtained as described later.

In the above description, a random number is used as position designation data used for determining a designated position. Instead, a three-dimensional map set in advance as illustrated in FIG. And two parameters (hour and minute; X-axis, X-axis, and Y-axis) and two parameters expressed by different combinations of two elements of the three elements of hour, minute, and second that constitute the division processing time of each data segment. (Minutes and seconds; Z-axis). Each of the three-dimensional coordinates of the three-dimensional map in FIG. 4 has the same position designation data (1, 2, 2,
3 is embedded. FIG.
In the example shown in (1), a case where the data length is 128 bytes and the position designation data corresponding to the data segment divided at 9:30:12 is obtained.

In the next step 57, each data section Din
Is inserted at each of the designated positions, the section number data in comprising the reception number i and the data sequence number n. In the example shown in FIG. 3D, the segment number data i1 is inserted at the end of the first data segment Di1 in the dividing order, and the second data segment Di1 in the dividing order.
In Di2, the segment number data i2 is inserted immediately after the third byte from the beginning, and the third data segment Di3 in the division order is 3 bytes from the beginning.
The slice number data i3 is inserted immediately after the byte, and the slice number data in is inserted at the beginning of the nth data slice Din in the division order.

In the next step 58, each of the data sections D after the insertion of the section number data is randomly selected from a plurality of M types of encryption methods set in advance using random numbers, maps, or the like. The encryption method Cn for 'in is determined individually. In the example shown in FIG. 3E, the encryption method 1 is determined as the encryption method C1 for the data section D'i1, and the encryption method 3 is determined as the encryption method C2 for the data section D'i2.
Are determined, the encryption method M is determined as the encryption method C3 for the data section D′ i3, and the encryption method 7 is determined as the encryption method Cn for the data section D′ in.

In the next step 59, each data section D'in after inserting the section number data is encrypted using the individual encryption method Cn determined in step 58. As a result of this individual encryption, as shown in FIG. 3 (f), each data segment D'i1 to D'in is an encrypted data segment.
D''i1 to D'' in.

In the next step 60, the encrypted data section D ″ i1 is randomly selected from a plurality of M types of encryption methods set in advance using random numbers, maps, and the like. ~ D''in is determined, and using this common encryption method, the next step 61
The data sections D''i1 to D'' in encrypted by the above are encrypted again. As a result of this common encryption, as shown in FIG. 3 (g), each of the encrypted data sections D ″ i1 to D ″ in is a double encrypted data section D ′ ″. i1 to D '''in. In the data distribution management method according to the present embodiment, a sufficient security strength can be obtained as described later even if the processing in steps 60 and 61 is omitted. Therefore, the processing in steps 60 and 601 can be omitted. Although it is possible, in order to further enhance the security strength, the processing of the above steps 60 and 61 is executed.

In the next step 62, the storage computers CPU1 to CPUn for storing the double-encrypted data pieces D '"i1 to D'" in are stored in the storage computers 3-1 and 3 respectively.
It is randomly determined (selected) from −2,..., 3-k. Based on this determination, in the next step 63, each data section D ′ ″ i1 to D ′ ″ in is stored in the storage computer CPUn. In the example shown in FIG. 3H, the first data section D '''i1 is stored in the storage computer 3-2, and the second data section D''' i2 is stored in the storage computer 3-2. The third data section D '''i3 is the storage computer 3
−k, and the n-th data section D ′ ″ in is stored in the storage computer 3-1.

In the next step 64, the management target data Di
The information received from the receiving computer 1 includes information for designating each data section Din, and information on the position designation data corresponding to each data section Din, the individual encryption method Cn, the common encryption method, and the storage computer CPUn of the storage destination. Store in. As the information for designating each data section Din, for example, a time stamp Ti of the data division processing time is used. Thereby, for example, the reception number of the data to be managed is 5, and the number of divisions n is 20
In the case where the number k of stored computers is 10, a time stamp Ti for designating the data pieces D501 to D520 constituting the management target data D5 and a position designation corresponding to each data piece having the time stamp Ti Information relating the data, the individual encryption method Cn, the common encryption method, and the storage computer CPUn of the storage destination is stored in the reception computer 1. In this case, by referring to the above information, the data section D5 constituting the data D5 to be managed is referred to.
01-D520, which is stored in which storage computer, and where is the designated position for inserting the section number data into each data section and what encryption method is used Can be recognized, but it cannot be recognized which storage computer stores the individual data pieces.

[Data Restoration Processing] FIG. 5 is a flowchart showing a data restoration processing program executed by the receiving computer at the time of a restoration request in the first embodiment. In FIG. 5, first, in step 71, it is checked whether or not there is a data restoration request for the management target data Di.
Only when there is a data restoration request, the process proceeds to step 7
Proceed to 2. In step 72, step 6 in FIG.
4, the time stamp Ti stored in the reception computer 1 in association with the management target data Di and the storage computer
Based on the information about the CPUn, data sections D ″ i1 to D ″ in, which are double-encrypted versions of all the data sections constituting the management target data Di, are acquired. Specifically, only the storage computers corresponding to CPU1 to CPUn in all the storage computers need to be searched, and only the data slice to which the time stamp Ti is attached among the stored data slices needs to be acquired. This allows the receiving computer 1 to store the data pieces D ′ ″ i1 to D ′ ″ in in FIG. 6 without using information on which storage computer is the individual storage destination.
As shown in (a), all data sections D '''i1 to D''' in
Will be collected.

In the next step 73, based on the information on the common encryption method stored in the receiving computer 1 in step 64 of FIG. '' i1 to D '''in are restored to single-encrypted data sections D'' i1 to D''in. Further, in the next step 74, the information is individually encrypted based on the information on the individual encryption method Cn stored in the reception computer 1 in step 64 of FIG. 2 in association with each data section Din of the management target data Di. Each of the data sections D ″ i1 to D ″ in is restored, and FIG.
Unencrypted data sections D'i1 to D'in as shown in
And

In the next step 75, based on the position designation data stored in the reception computer 1 in step 64 of FIG. 2 in association with each data section Din of the management target data Di, the data sections D'i1 to D'in The section number data i1 to in inserted at the designated positions shown in FIG. As a result of extracting the section number data, FIG.
The intercept data Di1 to Din as shown in FIG. Then, in the next step 76, the data segments Di1 to Din after the extraction of the segment number data are rearranged in order based on the extracted segment number data in, thereby restoring the management target data Di as before.

Next, the security strength in the data distribution management system using the network of the present embodiment will be described. According to the data distributed storage processing program of FIG. 2, the management target data received by the reception computer 1 is divided immediately after reception and no longer exists in the reception computer 1, so that the entire management target data is transferred from the reception computer 1 by a third party. It is extremely difficult to obtain illegally. Each data section formed by dividing the management target data in the reception computer 1 is shown in FIG.
Are stored in the storage computers determined at random in a state in which various processes such as encryption have been performed by the execution of steps 56 to 63, so that a third party invades one storage computer. Even if the data intercept stored there can be obtained illegally,
In order to obtain all the data sections constituting the data to be managed, first, information for specifying each data section constituting the data to be managed (in the above example, a time stamp associated with the data to be managed) and Since it is necessary to illegally obtain information about the storage computer of each data section and grasp the location of all data sections, and then obtain each data section from all storage computers that are storage destinations, Extremely difficult. As described above, the security strength is enhanced.

Even if all data sections can be obtained, it is extremely difficult to restore the data to be managed for the following reasons. That is, at the time of executing the steps 73 and 74 of the data restoration processing program of FIG. 5, if the information on the individual encryption method and the common encryption method of each data section in the reception computer 1 is not obtained, any encryption method You will have to try and you will spend a lot of time and effort breaking the code. In addition, since each piece of data contains piece number data, which is data unrelated to the original data, a third party who does not know that the piece number data has been inserted can illegally modify the data piece. However, if the position designation data corresponding to each data section stored in the reception computer 1 is not obtained, the section number data can be extracted from each data section, or the data section after the extraction of the section number data can be obtained. Cannot be rearranged based on the intercept number data, and it is extremely difficult to restore the management target data. As described above, the security strength is enhanced.

Therefore, according to the data distribution management method using the network of the present embodiment, steps 56, 57, 64 of the data distribution storage processing program of FIG. 2 and steps 75, 7 of the data restoration processing program of FIG.
By performing the processing of No. 6, the time and cost required for the data processing are compared with a case where the security enhancement technique of inserting the section number data including the reception number and the data sequence number into the designated position of each data section is not used. However, since the security strength is significantly enhanced, the security strength can be efficiently enhanced.

In the first embodiment, the designated position for inserting the section number data into each data section is determined individually for each data section. However, the section number data is inserted into each data section. May be common to all data sections. In this case, although the degree of enhancement of the security strength is slightly reduced, the basic concept of the security enhancement is the same, so that the security strength is sufficiently enhanced.

In the first embodiment, each data segment is double-encrypted by two individual and common encryption methods. However, the encryption by the common encryption method may be omitted. In this case, although the degree of enhancement of the security strength is slightly reduced, the basic concept of the security enhancement is the same, so that the security strength is sufficiently enhanced.

[Brief description of the drawings]

FIG. 1 is a diagram showing a configuration of a network used for implementing a data distribution management method according to a first embodiment of the present invention.

FIG. 2 is a flowchart showing a data distribution storage processing program executed by a receiving computer in the first embodiment.

FIGS. 3A to 3H are diagrams for explaining a distributed storage operation of managed data in the first embodiment.

FIG. 4 is a diagram illustrating a three-dimensional map used in place of a random number to determine a designated position for inserting section number data into each data section in the first embodiment.

FIG. 5 is a flowchart showing a data restoration processing program executed by a receiving computer at the time of a restoration request in the first embodiment.

FIGS. 6A to 6E are diagrams for explaining a restoration operation of the management target data in the first embodiment.

[Explanation of symbols]

 DESCRIPTION OF SYMBOLS 1 Receiving computer 2 Network 3-1, 3-2, ..., 3-k Storage computer

 ──────────────────────────────────────────────────続 き Continued on the front page F term (reference) 5B017 AA03 BA07 CA15 CA16 5B085 AA01 AE03 AE08 5J104 AA11 AA18 AA36 PA07

Claims (5)

[Claims] When managing data in a distributed manner using a plurality of computers connected to a network, the plurality of computers are configured to include one receiving computer and at least two storage computers, A step of assigning a single reception number (i) to the received managed data (D) in the computer; and (Din), inserting the segment number data (in) including the reception number and the data sequence number at the designated position of each divided data segment (Din), and after inserting the segment number data. Each data intercept
(D'in) encrypting each using an individual encryption method (Cn) selected at random from a plurality of encryption methods set in advance, and each data section after encryption (D``in)
Respectively in a storage computer (CPUn) selected at random from the storage computers, and information for specifying each data section (Din) constituting the management target data (Di) and each data section. Encryption method (Cn) corresponding to (Din) and storage computer (CPUn) at the storage destination
And the step of storing information in the reception computer, respectively, to perform data distributed storage processing, and at the time of a data restoration request for the management target data (Di),
In the receiving computer, encryption is performed based on information for designating each data section (Din) constituting the data to be managed (Di) and information on a storage computer (CPUn) of a storage destination corresponding to each data section (Din). Obtaining each data section (D''in) after encryption, restoring each obtained data section (D'' in) based on the corresponding encryption method (Cn), and Data intercept (D'in)
The step of extracting the section number data (in) inserted at the designated position of each and the step of rearranging each data section (Din) after extracting the section number data based on the extracted section number data (in) are sequentially performed. A data distribution management method using a network, characterized by performing a data restoration process by executing the method. 2. A designated position for inserting the section number data into each of the divided data sections is randomly determined for each data section, and information on the determined designated position is associated with the data section. The data distribution management system using a network according to claim 1, wherein the data is stored in a reception computer. 3. The specified position comprises a data length of the data segment and a division processing time of the data segment.
The determination is made by referring to a preset three-dimensional map based on two parameters expressed by different combinations of two elements of the three elements of minute and second. 2. A data distribution management method using the network described in 2. 4. The data distribution management method using a network according to claim 2, wherein a minimum data length of each of the divided data segments is 2 bytes. 5. The reception computer according to claim 1, wherein the reception computer also serves as one of the storage computers.
5. A data distribution management method using a network according to any one of the above items 4 to 4.