WO2013065544A1 - Data distribution management system - Google Patents
- Publication number
- WO2013065544A1 (PCT/JP2012/077460)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- distributed
- information
- data distribution
- identification information
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6272—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
Definitions
- the present invention relates to a data storage technique, and more particularly to a technique effective when applied to a data distribution management system that distributes and stores one or more data in different servers.
- It is conceivable to reduce the risk of information leakage due to loss of a terminal by using a so-called thin client approach, which stores the terminal's data, including important data, in an external data center or server where security measures are taken.
- It has also been proposed that the important data is not stored in an external server or the like as it is; instead, for example, the so-called secret sharing technique described in Non-Patent Document 1 or the like is used to divide the important data into pieces of non-critical data that are meaningless on their own (the important data cannot be reconstructed or inferred from them), and these pieces of non-critical data are stored in a plurality of external servers. Thereby, for example, the risk of information leakage can be reduced even in the case of storage in a virtual data center or virtual server in a cloud computing environment.
- distributed management information including information on where the data is stored in which server by the information processing apparatus of each user who is the distribution source, a specific management server such as a file server, and the like May be included).
- Patent Document 1 stores tally folders A, B,... For storing tally files, a restoration destination folder for storing restoration files, and a tally object file by an information management computer.
- a tally object folder, a tally engine folder containing a restoration engine program and a division engine program, and a tally parameter including information on a decoding boundary, which is a range that can be read by the tally application, are set as tally object files A, B,.
- the tally file name / storage location and the object information of the restoration destination folder are stored in, the tally file is collected directly based on the tally file storage location and the decoding boundary, the restoration file is generated, and the restoration file is stored and opened.
- Distributed information file management means for restoring efficiently locate and original data to prevent file is described.
- An information processing apparatus that is a data distribution source, a specific management server such as a file server, or the like holds distributed management information related to important data (specifically, to one or more distributed data related to the important data), and thus there is a problem in terms of security. That is, for example, if a portable terminal that is a data distribution source holds the distributed management information related to important data and is stolen or lost, the distributed management information may be viewed by a third party. As a result, there is a risk that information on the location of distributed data related to the important data (information for accessing the distributed data, such as the host name and network address of each server that stores the distributed data, or a URL (Uniform Resource Locator)) is obtained.
- the distribution destination server may be changed due to a failure in use of the distributed storage destination server or the like.
- It becomes necessary to individually rewrite the contents of the distribution management information with the information of the new storage destination server or the like in each information processing apparatus of the data distribution source.
- When the distribution destination server is a virtual server using a cloud computing service, the system must be operated without knowing when the virtual server is stopped or when the distribution destination virtual server is changed.
- When a user loses a portable terminal or the like that is a distribution source of data and tries to access the distributed data (the original important data for the distributed data) using another information processing apparatus, or when accessing distributed data from an information processing device other than the usual one at another business location, business trip destination, etc., the user's information processing device does not have the distributed management information for the target important data (the distributed data for the important data). For this reason, it is impossible to grasp on which server each distributed data is distributed and stored, and it becomes impossible to access the distributed data.
- An object of the present invention is to provide a data distribution management system that can perform distributed storage of data without having distributed management information in the information processing apparatus that is the data distribution source, and without being affected by which server or the like stores the distributed data.
- A data distribution management system has a plurality of information processing devices each having a storage device, and a data distribution apparatus that is connected to the respective information processing devices via a network and that distributes and stores one or more distributed data, handled collectively in correspondence with original data, in the storage devices of the information processing apparatuses. The system has the following characteristics.
- The data distribution apparatus has a distributed data processing unit that performs processing related to the association between the original data and one or more of the distributed data; a pointer file processing unit that generates identification information that can identify and specify the original data and generates a pointer file including the identification information corresponding to the original data; and a distributed processing unit that adds the identification information corresponding to the original data to each of the distributed data corresponding to the original data and transmits them to different information processing apparatuses.
- Each of the information processing apparatuses includes a distributed storage unit that stores the distributed data transmitted from the data distribution apparatus in the storage device.
- Data can be distributed and stored without the information processing apparatus that is the data distribution source having the distribution management information, and without being affected by which server or the like stores the distributed data.
- the data distribution management system is a system that distributes and stores a plurality of distributed data that is handled collectively in correspondence with original data such as important data in storage devices such as other data centers and servers.
- the distributed management information including the information relating to the location of each distributed data stored in which data center or server is not included.
- The data distribution apparatus that performs distributed storage of data generates and holds identification information for identifying each original data and adds the identification information to the header information of each distributed data, which makes it possible to collect necessary distributed data without requiring information relating to the location of the data center or server where each distributed data is stored.
- One or more distributed data items handled collectively in correspondence with the original data are one or more data items that are acquired together, or that are subject to processing such as storage or display, in response to a single processing request such as storage, browsing, or reference for the target original data.
- a plurality of pieces of divided data generated by secret sharing processing from important data that is original data are shown as distributed data, but the present invention is not limited to this.
- a series of related files generated by the business application a series of work files specified by the user, etc. for management data such as projects and projects created by the user, respectively.
- Such data may be distributed and stored in a server or the like as distributed data.
- There may be one distributed data for the original data (for example, the target original data itself), as a form of use as a remote copy or backup.
- When the data distribution device collects necessary distributed data from each data center, server, etc., it specifies all or part of the identification information related to the original data and broadcasts (or multicasts) to each data center, server, etc. a message inquiring whether the distributed data corresponding to the original data is held. In response to the message, the data center or server holding the target distributed data responds to the data distribution device with the target distributed data. In this way, necessary distributed data can be collected without requiring management information.
- It is possible to avoid the risk that, when the data distribution device is stolen or lost, a third party obtains the distribution management information, learns the information related to the storage location of each distributed data, and can access the distributed data. In addition, the storage location of each distributed data can be changed easily, without depending on which data center or server stores each distributed data, which improves system availability and flexibility.
- The data distribution apparatus can restore the identification information of each data. For example, when information identifying a user, such as a user ID, is given by the user, the data distribution apparatus broadcasts (or multicasts) a message inquiring about identification information related to the user. A data center or server holding distributed data with the target identification information responds to the data distribution apparatus with that identification information, so that the data distribution apparatus can acquire or restore the identification information corresponding to each data usable by the user, and the corresponding distributed data can be collected based on this identification information.
- FIG. 1 is a diagram showing an outline of a configuration example of a data distribution management system according to the first embodiment of the present invention.
- the data distribution management system 1 has a configuration in which a data distribution apparatus 100 and one or more servers 200 are connected to each other via a network 300 such as the Internet and can communicate with each other.
- a configuration having a plurality of data distribution devices 100 may also be possible.
- the data distribution apparatus 100 is configured by an information processing apparatus such as a PC or a portable terminal.
- the data distribution apparatus 100 and the pointer file processing unit 120 are implemented by a software program that operates on an operating system (not shown).
- user information 160 that is data such as a database, a file, and a registry that holds information (for example, account information) related to a user who can use the data distribution management service by the data distribution apparatus 100 or the data distribution management system 1.
- a pointer file 150 having a function as a pointer that points to the distributed data 410 stored in each server 200 is provided corresponding to each of the plurality of original data 400.
- the distributed data processing unit 110 performs processing related to the association between the original data 400 and one or more distributed data 410 handled in a lump in correspondence with the original data 400.
- A known secret sharing library that generates n pieces of divided data, to be the distributed data 410, from the specified original data 400 by the (k, n) threshold secret sharing method and, conversely, restores the original data 400 by the (k, n) threshold secret sharing method from k or more pieces of distributed data 410 as divided data.
- the distributed data 410 is not limited to data generated from the original data 400 or generated based on the original data 400 as in the present embodiment. It may be a plurality of data. Further, the distributed data 410 may be one (for example, the original data 400 itself).
- the pointer file processing unit 120 generates a pointer file 150 having a function as a pointer that points to the distributed data 410 corresponding to each of the plurality of original data 400. Further, processing is performed on the original data 400 (or the corresponding distributed data 410) based on an instruction from the user to the pointer file 150 via the interface unit 140 described later.
- the pointer file 150 has a function of pointing to the original data 400 (and corresponding distributed data 410), but does not have the entity of the original data 400.
- The contents of the pointer file 150 are as described below. It has identification information that identifies and specifies the original data 400 (and the corresponding distributed data 410). That is, the pointer file 150 is similar to a so-called shortcut, symbolic link, alias, or the like for the original data 400 (and corresponding distributed data 410). This identification information is also added as header information or the like to each distributed data 410 generated by the distributed data processing unit 110.
- the pointer file processing unit 120 further includes an identification information generation unit 121 in order to generate this identification information.
- an ID generation unit 122 is provided to generate various ID values included in the identification information.
- the ID generation unit 122 includes a library having a known function that can generate a unique ID (universal ID) that does not overlap with a plurality of different data distribution apparatuses 100.
- The distributed processing unit 130 includes a distribution unit 131 that adds identification information to the distributed data 410 associated with the original data 400 by the distributed data processing unit 110 and distributes and stores the distributed data in each server 200 based on a predetermined rule, and a collection unit 132 that collects the distributed data 410 associated with the original data 400 from each server 200. Further, it may have a server list 133 including a list of servers 200 that can be storage destinations of the distributed data 410.
- The distribution unit 131 distributes and stores, for example, the n pieces of distributed data 410 generated by the (k, n) threshold secret sharing method by the distributed data processing unit 110, with identification information added by the pointer file processing unit 120, in n different servers 200 selected from the server list 133.
- n servers 200 that store the distributed data 410 are selected from among them by, for example, rotation or random extraction.
- The collection unit 132 inquires of each server 200 whether or not it has the distributed data 410 associated with the original data 400, and collects the distributed data 410 transmitted from the server 200 that has it.
- the distributed data processing unit 110 collects k or more pieces of distributed data 410 necessary for restoring the original data 400 by the (k, n) threshold secret sharing method.
- A message including all or part of the identification information included in the pointer file 150 corresponding to the target original data 400 is broadcast to all the servers 200 (or multicast to each of the servers 200 listed in the server list 133).
- As the broadcast (multicast) protocol, a known technique can be used as appropriate.
- the interface unit 140 has an input / output function such as a user interface such as a screen display in the data distribution apparatus 100.
- the user can use the functions of the data distribution management system 1 by using, for example, a file management screen or application provided in a general OS.
- the original data 400 is moved to a specific folder or the like by a simple operation such as drag and drop.
- the distributed data processing unit 110 generates the distributed data 410
- the distributed processing unit 130 stores the distributed data in the servers 200 in a distributed manner.
- The pointer file processing unit 120 generates a pointer file 150 corresponding to the original data 400 and places it in the specific folder or the like in place of the original data 400. Thereafter, access such as reference to the original data 400 from the user is performed on the pointer file 150 arranged in the specific folder or the like.
- The pointer file processing unit 120 causes the distributed data 410 associated with the original data 400 specified by the pointer file 150 to be collected from each server 200 by the distributed processing unit 130. Further, when necessary as in the present embodiment, the original data 400 is restored from the collected distributed data 410 by the distributed data processing unit 110. Thereafter, the original data 400 or the distributed data 410 is displayed by a related application program or the like. Thereby, it is possible to provide the user with an interface equivalent to processing such as storage or reference for the original data 400, and to conceal the processing related to the distributed data 410.
- The server 200 consists of an information processing apparatus, such as a file server or a storage server, having a storage device such as an HDD (Hard Disk Drive) (not shown) that can store the distributed data 410 transmitted from the data distribution apparatus 100. It may also be a data center that has these information processing apparatuses. Further, it may be a virtual server or a virtual data center provided by a cloud computing service.
- the server 200 includes, for example, a distributed storage unit 210 that is implemented by a software program that runs on an OS (not shown).
- The distributed storage unit 210 stores the distributed data 410 transmitted from the data distribution apparatus 100 in a storage device. Further, in response to a broadcast (or multicast) message from the data distribution apparatus 100, it searches for distributed data 410 including identification information that matches the identification information included in the message and, when the corresponding distributed data 410 is held, returns the distributed data 410, or the identification information contained in its header, to the data distribution apparatus 100.
- FIG. 2 is a diagram showing an example of the contents of identification information generated by the identification information generation unit 121 of the pointer file processing unit 120 and added to the pointer file 150 and the distributed data 410.
- the identification information 170 includes information such as an original file ID (FID) 171, a current file ID (FID) 172, and a user ID 173, for example.
- the original FID 171 is an ID for uniquely identifying the entire original data 400 (a file made up of the original data 400) including each version (generation).
- The original FID 171 is assigned, to identify the original data 400 and corresponding distributed data 410, when the original data 400 is first distributed and stored, that is, when the distributed data 410 is first generated from the original data 400 and distributed and stored in each server 200.
- the current FID 172 is an ID for uniquely identifying each version (generation) of the original data 400 (a file including the original data 400).
- The current FID 172 is an ID assigned to the latest version (generation) of the original data 400 when the original data 400 is first distributedly stored and then edited or updated. That is, initially, the value of the current FID 172 is the same as the value of the original FID 171; thereafter, a new ID is assigned every time the distributed data 410 necessary for editing the original data 400 is collected and the latest original data 400 after editing is again associated with distributed data 410 and distributedly stored in each server 200. The value of the original FID 171 is not updated and remains as it was initially assigned.
- The current FID 172 is not only an ID for specifying the latest original data 400 and the corresponding distributed data 410, but also serves as version information of the original data 400. That is, when the distributed storage unit 210 of each server 200 stores the distributed data 410 for the latest original data 400 after editing, the distributed data 410 for the previous version of the original data 400 (whose current FID 172, in the identification information 170 included in the header or the like, differs from that of the latest) is left as a history. As a result, each server 200 stores the distributed data 410 corresponding to a plurality of versions of the original data 400, so that the version of the original data 400 designated by the user and the corresponding distributed data 410 can be obtained.
- a plurality of distributed data 410 having different current FIDs 172 but the same original FIDs 171 can be determined to be of different versions of the same original data 400.
- the user ID 173 is an ID that identifies a user corresponding to the identification information 170, that is, a user who created or edited the original data 400 corresponding to the identification information 170. This ID information can be associated with the ID information of each user registered in the user information 160, for example.
- Each ID of the identification information 170 needs to be a unique ID that does not overlap in the data distribution management system 1. Accordingly, these IDs can be IDs (universal IDs) generated by the ID generation unit 122 of the pointer file processing unit 120, for example.
- As the user ID 173, for example, the user ID in the account information of each user stored in the user information 160 may be used, and by adding to it information identifying an organization or group to which the user belongs, such as a department or a company, or a contract unit of the data management service provided by the data distribution management system 1, the ID may be made unique within the data distribution management system 1.
- FIG. 3 is a diagram showing an outline of an example of processing when the original data 400 and a plurality of distributed data 410 are associated and stored in a distributed manner.
- When an instruction to save the original data 400 is received from the user via the interface unit 140, first, the distributed data processing unit 110 generates one or more distributed data 410 from the original data 400 (S01).
- n pieces of distributed data 410, from which the original data 400 cannot be restored unless k or more pieces are collected, are generated from the original data 400 by the (k, n) threshold secret sharing method.
- the original data 400 and the n distributed data 410 are associated with each other.
- the pointer file processing unit 120 generates identification information 170 for the original data 400 (S02), and further generates a pointer file 150 including the identification information 170 (S03).
- the ID generation unit 122 or the like generates information of each ID in the identification information 170
- the identification information generation unit 121 generates the identification information 170 including these IDs.
- the pointer file processing unit 120 generates a pointer file 150 including the contents of the identification information 170. At this time, for example, by making the file name (excluding the extension) of the pointer file 150 the same as the original data 400, the user can easily identify the pointer file 150 corresponding to the original data 400.
- Each distributed data 410 is transmitted by the distribution unit 131 of the distributed processing unit 130 to a plurality of different servers 200 (server A (200a) and server B (200b) in the example of FIG. 3) for distributed storage (S04).
- the plurality of servers 200 are selected from the servers 200 registered in the server list 133 by rotation or random extraction, for example.
- n servers 200 that store the n distributed data 410 generated by the distributed data processing unit 110 are selected.
- a process of inquiring each server 200 as to whether or not the distributed data 410 can be stored may be performed.
- the distributed storage unit 210 stores the distributed data 410 in the storage device (S05). At this time, if the distributed data 410 corresponding to the past version of the original data 400 exists, the distributed data 410 may be left and stored. In this case, the distributed data 410 corresponding to the past version of the original data 400 is further deleted and organized (S06), and a series of processing results are returned to the data distribution apparatus 100.
- In step S06, the distributed storage unit 210 searches for distributed data 410 having identification information 170 that includes the same original FID 171 as the original FID 171 of the identification information 170 included in the header of the latest distributed data 410 to be newly stored (that is, the distributed data 410 corresponding to different versions of the same original data 400). If the number of retrieved distributed data 410 is greater than a predetermined number (the number of storable generations), distributed data 410 is deleted in order from the oldest until the predetermined number of generations is reached. The age of the distributed data 410 can be determined by, for example, a time stamp attached to a file including the distributed data 410.
- The deletion processing of the old distributed data 410 in step S06 may be performed each time the distributed data 410 is stored in step S05, or may be started periodically at each server 200 at a predetermined time, with all distributed data 410 processed collectively by a batch program or the like.
- A specific version of the distributed data 410 (that is, the distributed data 410 having the identification information 170 including the specific current FID 172) can be locked so as not to be deleted, by a procedure similar to the ID locking procedure described later.
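The generation clean-up of step S06, as an added example that is not code from the patent: the `StoredShare` record, the `prune_generations` function and its parameters are hypothetical names, the sample records are constructed, and counting locked versions toward the generation limit is an assumption the text does not settle.

```python
from dataclasses import dataclass


@dataclass
class StoredShare:
    """One stored distributed data 410 with the header fields S06 relies on."""
    original_fid: str    # identical for every version of one original data
    current_fid: str     # one value per version (generation)
    timestamp: float     # file time stamp used to order versions
    payload: bytes = b""


def prune_generations(store, newest, max_generations, locked_fids=frozenset()):
    """Step S06 on one server: after `newest` has been stored, keep at most
    max_generations versions that share its original FID, deleting the oldest
    first. Versions whose current FID is locked are never deleted (assumption:
    they still count toward the limit). Returns the deleted current FIDs."""
    versions = sorted(
        (s for s in store if s.original_fid == newest.original_fid),
        key=lambda s: s.timestamp,
    )
    excess = len(versions) - max_generations
    deleted = []
    for share in versions:
        if excess <= 0:
            break
        if share is newest or share.current_fid in locked_fids:
            continue  # never delete the version just stored or a locked one
        store.remove(share)
        deleted.append(share.current_fid)
        excess -= 1
    return deleted


if __name__ == "__main__":
    # Constructed sample: three old versions of "A", one unrelated original "B".
    store = [
        StoredShare("A", "a1", 1.0),
        StoredShare("A", "a2", 2.0),
        StoredShare("B", "b1", 0.5),
        StoredShare("A", "a3", 3.0),
    ]
    newest = StoredShare("A", "a4", 4.0)
    store.append(newest)  # S05
    print(prune_generations(store, newest, 2, locked_fids={"a1"}))
```
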
- The data distribution apparatus 100 determines whether or not the distributed storage processing has been normally completed by the distribution unit 131 (S07). For example, in the present embodiment, it is determined whether n pieces of distributed data 410 have been normally stored in n servers 200. If there is distributed data 410 that could not be stored normally, another server 200 may be selected and the processes in steps S04 to S06 may be retried until all the distributed data 410 can be stored. Further, when there is no longer a server 200 that can store the data, the distributed storage process may be terminated as an error. At this time, the processing already performed may be rolled back.
- The data distribution apparatus 100 deletes the original data 400 and the generated distributed data 410 held on the data distribution apparatus 100 (S08), and ends the process. By deleting these data on the data distribution apparatus 100, it becomes possible to avoid leakage of the original data 400 (and corresponding distributed data 410) upon theft or loss of the data distribution apparatus 100 itself.
- The pointer file 150 held on the data distribution apparatus 100 has only file ID information for identifying the original data 400 (and corresponding distributed data 410), and does not have information related to the data content itself or information related to the server 200 in which the data is actually stored. Therefore, even if a third party knows the contents of the pointer file 150, the third party cannot collect the distributed data 410 and cannot restore the original data 400 (obtain information related to the original data 400).
- the original data 400 and the distributed data 410 are deleted from the data distribution apparatus 100 in consideration of the security viewpoint as described above.
- the backup of the original data 400 on the data distribution apparatus 100 is used.
- the original data 400 may be left without being deleted.
- FIG. 4 is a diagram showing an outline of an example of processing when collecting a plurality of distributed data 410 and obtaining original data 400 from these.
- When an instruction to refer to the original data 400 (including reference for editing) is received through an operation on the pointer file 150 by the user via the interface unit 140, first, the pointer file processing unit 120 acquires the contents of the identification information 170 included in the pointer file 150 (S11). Next, based on the information of the current FID 172 in the identification information 170, the collection unit 132 of the distributed processing unit 130 inquires of each server 200 whether the corresponding distributed data 410 is held (S12).
- an inquiry message of the distributed data 410 including information on the current FID 172 is broadcast to each server 200.
- The load on the network 300 may be reduced by multicasting to the servers 200 listed in the server list 133.
- Each server 200 that has received the inquiry broadcast message acquires the information of the current FID 172 included in the message by the distributed storage unit 210, and searches the distributed data 410 corresponding to the current FID 172 (S13). Specifically, the distributed data 410 having the identification information 170 including the current FID 172 that matches the current FID 172 included in the message in the header or the like is searched. When the corresponding distributed data 410 is not stored (for example, the server B (200b) in FIG. 4), a response to that effect is sent to the data distribution apparatus 100.
- When the corresponding distributed data 410 is stored (for example, server A (200a) in FIG. 4), it is confirmed whether or not the identification information 170 included in the header of the distributed data 410 is locked (S14). Specifically, it is confirmed whether or not the value of each ID (original FID 171, current FID 172 or user ID 173) in the target identification information 170 is registered in a lock list (not shown) held in the server 200. If registered, since the use of the target distributed data 410 is locked, a response to that effect is sent to the data distribution apparatus 100. If not registered, the target distributed data 410 is transmitted to the data distribution apparatus 100 (S15). Registration of IDs in the lock list will be described later.
- the data distribution apparatus 100 determines, by the collection unit 132, whether or not the original data 400 can be acquired from the collected distributed data 410 (distributed data 410 transmitted from each server 200) (S16). For example, in this embodiment, it is determined whether or not k or more pieces of distributed data 410, from which the original data 400 can be restored, have been collected. When the original data 400 cannot be acquired (restored), that is, when fewer than k pieces of distributed data 410 could be collected in the present embodiment, the acquisition process of the original data 400 may be terminated as an error.
- the distributed data processing unit 110 acquires (restores) the original data 400 from the collected distributed data 410 (S17), and the process ends.
- the original data 400 is restored from the collected k or more pieces of distributed data 410 by the (k, n) threshold secret sharing method.
- an application program associated therewith may be activated to display the restored original data 400.
- the user performs the same processing as that for the original data 400 on the pointer file 150 via the interface unit 140, whereby the data distribution apparatus 100 collects the necessary distributed data 410 and collects the original data 400. Since the distributed data 410 is distributed and stored in the plurality of servers 200, the original data 400 (or the corresponding distributed data 410) can be accessed seamlessly. The data distribution apparatus 100 can also collect the necessary distributed data 410 without retaining information on which server 200 each distributed data 410 is stored in.
- each server 200 is inquired as to whether the distributed data 410 is held based on the information of the current FID 172 in the identification information 170.
- the inquiry may be made using the ID information.
- the distributed data 410 corresponding to the original data 400 created and edited by the corresponding user can be collected.
- Because the pointer file 150 having the identification information 170 including the file ID of the original data 400 (and the corresponding distributed data 410) and the user ID information exists on the data distribution apparatus 100, it can be referred to by a third party. Therefore, in the present embodiment, to address the risk that, when the data distribution apparatus 100 is stolen or lost, a third party acquires the distributed data 410 from each server 200 based on the information of each ID included in the identification information 170, it is possible to restrict the use of the corresponding distributed data 410 by locking each ID in the identification information 170.
- FIG. 5 is a diagram showing an outline of an example of processing when the use of the distributed data 410 is locked and acquisition of the original data 400 and the corresponding distributed data 410 is restricted.
- the user specifies an ID value to be locked via the interface unit 140 (S21). Specifically, a value is specified for at least one of the original FID 171, the current FID 172, and the user ID 173 in the identification information 170.
- the distribution unit 131 of the distribution processing unit 130 instructs each server 200 to lock the ID (S22). Specifically, a lock instruction message including a lock target ID value is broadcast (or multicast) to each server 200.
- Each server 200 that has received the lock instruction broadcast message registers the ID information included in the message in a lock list (not shown) or the like (S23). After that, the success or failure of registration is returned to the data distribution apparatus 100.
- the data distribution apparatus 100 determines whether or not the registration of the ID to the lock list has been normally completed in all the target servers 200 (S24). If there is a server 200 that has failed to register or a server 200 that has failed to receive a response due to timeout, the ID lock processing may be terminated as an error. At this time, the processing already performed may be rolled back.
- the ID lock process is terminated.
- the unlocking of the ID can also be realized by deleting the registration of the target ID from the lock list in each server 200 by the same process as described above.
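The inquiry flow (S11 to S17) and the ID lock flow (S21 to S24) described above can be sketched as a small simulation. This is an added example, not code from the patent: the class and function names, the 521-bit prime field and the sample IDs are assumptions, Shamir's polynomial scheme stands in for the (k, n) threshold secret sharing method, and direct method calls stand in for the broadcast messages.

```python
import secrets
from dataclasses import dataclass

P = 2**521 - 1  # prime field for the shares (assumption; limits data to 64 bytes)

@dataclass(frozen=True)
class Ident:             # identification information 170, carried in each share header
    original_fid: str    # original FID 171
    current_fid: str     # current FID 172
    user_id: str         # user ID 173

def split(data: bytes, k: int, n: int):
    """Shamir (k, n) split: n points on a random polynomial of degree k-1."""
    secret = int.from_bytes(b"\x01" + data, "big")  # 0x01 guard keeps leading zero bytes
    if secret >= P:
        raise ValueError("data too long for this field")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    def f(x):
        y = 0
        for c in reversed(coeffs):   # Horner evaluation mod P
            y = (y * x + c) % P
        return y
    return [(x, f(x)) for x in range(1, n + 1)]

def restore(points):
    """Lagrange interpolation at x = 0; needs at least k distinct points."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret.to_bytes((secret.bit_length() + 7) // 8, "big")[1:]

class Server:                        # server 200 with its distributed storage unit 210
    def __init__(self):
        self.stored = []             # (Ident header, share) pairs
        self.lock_list = set()       # locked ID values
    def store(self, ident, share):
        self.stored.append((ident, share))
    def on_query(self, current_fid):             # S13 to S15
        for ident, share in self.stored:
            if ident.current_fid == current_fid:
                ids = {ident.original_fid, ident.current_fid, ident.user_id}
                if ids & self.lock_list:         # any of the three IDs locked (S14)
                    return ("locked", None)
                return ("data", share)
        return ("none", None)
    def on_lock(self, id_value):                 # S23
        self.lock_list.add(id_value)
        return True
    def on_unlock(self, id_value):
        self.lock_list.discard(id_value)
        return True

def distribute(data, ident, servers, k):
    """Store one share per server; the device keeps only ident (the pointer file)."""
    for srv, share in zip(servers, split(data, k, len(servers))):
        srv.store(ident, share)

def collect(pointer, all_servers, k):
    """S11 to S17: query every server by current FID, restore if k shares arrive."""
    replies = [srv.on_query(pointer.current_fid) for srv in all_servers]  # S12
    shares = [share for status, share in replies if status == "data"]
    locked = sum(1 for status, _ in replies if status == "locked")
    if len(shares) < k:                                                   # S16
        raise LookupError(f"only {len(shares)} of {k} shares available ({locked} locked)")
    return restore(shares[:k])                                            # S17

def lock(id_value, all_servers):     # S21 to S24: succeeds only if every server registers
    return all([srv.on_lock(id_value) for srv in all_servers])

def unlock(id_value, all_servers):
    return all([srv.on_unlock(id_value) for srv in all_servers])

def demo():
    servers = [Server() for _ in range(5)]
    ident = Ident("ofid-0001", "cfid-0001-v1", "user-0001")      # constructed sample IDs
    distribute(b"constructed sample", ident, servers[:4], k=3)   # n = 4; fifth server holds nothing
    before = collect(ident, servers, k=3)
    lock("user-0001", servers)       # locking the user ID blocks a query made by current FID
    try:
        collect(ident, servers, k=3)
        after = "restored"
    except LookupError as exc:
        after = str(exc)
    return before, after

if __name__ == "__main__":
    print(demo())
```

The device-side functions never record which server holds which share, which is the property the description relies on; the lock check runs on the server side against all three IDs in the header.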
- FIG. 6 is a diagram showing an outline of an example of processing when restoring the pointer file 150 when the data distribution apparatus 100 does not exist.
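- In the present embodiment, when an information processing apparatus different from the original data distribution apparatus 100 (the data distribution apparatus 100 having the pointer file 150 corresponding to the original data 400) is newly used as the data distribution apparatus 100, for example when the data distribution apparatus 100 has been stolen or lost, or when another terminal is used on a business trip, the pointer file 150 (and the identification information 170 included therein) is restored to enable access to the original data 400 or the corresponding distributed data 410.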
- the user designates the information of the user ID 173 in the identification information 170, which is key information for restoring the pointer file 150, via the interface unit 140 (S31).
- the distribution unit 131 of the distribution processing unit 130 inquires each server 200 about the identification information 170 (S32). Specifically, the inquiry message of the identification information 170 including the user ID 173 having a designated value is broadcast (or multicast) to each server 200.
- Each server 200 that has received the broadcast message for inquiry about the identification information 170 acquires the information of the user ID 173 included in the message, and searches for the identification information 170 that matches the user ID 173 (S33). Specifically, the identification information 170 including the user ID 173 that matches the value of the user ID 173 included in the message is searched from the header of each distributed data 410 stored. If there is no corresponding identification information 170 (distributed data 410 having this in the header or the like) (for example, server A (200a) in FIG. 6), a response to that effect is sent to the data distribution apparatus 100.
- When the corresponding identification information 170 (distributed data 410 having this in the header or the like) is included (for example, server B (200b) in FIG. 6), it is confirmed whether or not the value of each ID (original FID 171, current FID 172, and user ID 173) in each corresponding identification information 170 is registered in the lock list of the server 200 (S34). If one or more of the corresponding identification information 170 is not locked, this is transmitted to the data distribution apparatus 100. On the other hand, if all the identification information 170 is locked, a response indicating that there is no corresponding identification information 170 is returned to the data distribution apparatus 100 (S35).
- the data distribution apparatus 100 restores the pointer file 150 including the identification information 170 by the collection unit 132 based on the collected identification information 170 (S36), and ends the processing.
- the same file name as the file name of the original data 400 cannot be set. Therefore, a dummy file name is automatically set, or the identification information 170 holds not only the ID information as shown in FIG. 2 but also the file name information of the original data 400 for each current FID 172.
- the file name of the pointer file 150 may be set based on this information.
- the data distribution apparatus 100 does not have distribution management information including information related to the storage destination of the distributed data 410, and the original data 400 can be distributed and stored without being affected by which server 200 the distributed data 410 is stored in.
- the data distribution apparatus 100 collects necessary distributed data 410 from each server 200
- the data distribution apparatus 100 designates all or a part of the identification information 170 related to the original data 400 to each server 200.
- a message for inquiring whether or not the distributed data 410 related to the original data 400 is held is broadcast.
- the server 200 holding the target distributed data 410 returns the target distributed data 410 to the data distribution apparatus 100, so that the data distribution apparatus 100 can collect the necessary distributed data 410 without requiring distribution management information such as the storage location of the distributed data 410.
- It is possible to avoid the risk that a third party acquires the distribution management information, thereby learns the storage location of each distributed data 410, and accesses the distributed data 410. Further, it is possible to easily change the server 200 that stores each distributed data 410 without depending on which server 200 stores each distributed data 410.
- the data distribution apparatus 100 stores the identification information 170 corresponding to each original data 400 and the pointer file 150 having the identification information 170. It can be restored. For example, when the information of the user ID 173 is given by the user, the data distribution apparatus 100 broadcasts a message inquiring whether or not the identification information 170 including the user ID 173 is held. When the server 200 having the distributed data 410 including the target identification information 170 in the header or the like responds to the data distribution apparatus 100 with the target identification information 170, the data distribution apparatus 100 can acquire and restore the identification information 170 corresponding to the original data 400 that the user can use, and the pointer file 150 including the identification information 170.
- In the configuration of the first embodiment described above, as shown in FIG. 1, if k or more of the n servers 200 that store the distributed data 410 corresponding to the original data 400 are operating normally and k or more pieces of distributed data 410 can be collected from these servers 200, the original data 400 can be restored. That is, it has high availability in that the original data 400 can be restored normally as long as the number of servers 200 from which the distributed data 410 cannot be acquired due to a failure or the like is (n - k) or less.
- the data distribution apparatus 100 is a single point of failure; if the data distribution apparatus 100 fails, the original data 400 cannot be restored.
- FIG. 7 is a diagram showing an outline of a configuration example of the data distribution management system 1 according to the second embodiment of the present invention. FIG. 7 shows a configuration in which a plurality of client terminals 500 are connected to the data distribution apparatus 100 configured as a file server. Furthermore, the data distribution apparatus 100 as a file server is made redundant with a plurality of servers.
- the data distribution apparatus 100 can be configured not to be a single point of failure, and even if one server constituting the data distribution apparatus 100 is stopped due to a failure or the like, another server can take over and continue processing, which improves availability. At this time, for example, the plurality of servers constituting the data distribution apparatus 100 can be configured by a plurality of virtual servers on one or more physical servers 101, as shown in the figure.
- the data distribution apparatus 100 as a file server has a pointer file 150 and an interface unit 140. By accessing the pointer file 150 on the data distribution apparatus 100 from the client terminal 500 via the network 300, the corresponding original data 400 can be restored on the data distribution apparatus 100 and transmitted locally on the client terminal 500.
- the distributed processing unit 130 of the data distribution apparatus 100 selects n servers 200 each storing the n distributed data 410 generated from the original data 400 by the distributed data processing unit 110.
- the server 200 is selected by, for example, rotation or random extraction from the servers 200 registered in the server list 133. At this time, a process of inquiring whether each server 200 can store the distributed data 410 (that is, the operating status of the server 200) may be performed.
- each server 200 registered in the server list 133 may differ in, for example, specifications, operation system including security, and installation location (location such as country and region, topographic characteristics, etc.). That is, there may be a difference in the storage capacity of the distributed data 410 in each server 200. Therefore, it may be impossible to select an appropriate server 200 according to the contents, attributes, and the like of the distributed data 410 with uniform rotation and other selection methods that do not consider such differences.
- an access right is set according to the storage capability of the distributed data 410, and based on the access right and the attribute of the distributed data 410, the server 200 that stores the distributed data 410 can be determined.
- FIG. 8 is a diagram showing an outline of a configuration example of the data distribution management system 1 according to the third embodiment of the present invention.
- the data distribution apparatus 100 includes an access right management server 220 for setting an access right for each server 200 that can be a target for storing the distributed data 410.
- the access right management server 220 sets the access right for each server 200 manually or automatically based on predetermined criteria, using the specifications of each server 200, the operation system including security, and attribute information such as the installation location.
- the access right setting server 220 is configured as an independent server, but may be configured on the same housing as the data distribution apparatus 100.
- FIG. 9 is a diagram showing an example of the contents of the identification information 170 added to the pointer file 150 and the distributed data 410 in the present embodiment.
- attribute information 174 is further added to the identification information 170 in the first embodiment shown in FIG.
- the attribute information 174 is not particularly limited in format or the like, but includes information for identifying the importance of the corresponding original data 400 (file consisting of the original data 400), the file type, and the like.
- access right information is obtained by inquiring of each server 200, and based on this and the attribute information 174 of the identification information 170 added to the distributed data 410, it is determined whether or not storage of the distributed data 410 is permitted; when storage is permitted, the distributed data 410 is stored in the server 200. Accordingly, the server 200 that should store the target distributed data 410 can be selected according to the storage capability (access right) of the server 200, rather than by simple rotation or the like.
- the present invention can be used in a data distribution management system in which one or more data is distributed and stored in different servers.
- DESCRIPTION OF SYMBOLS: 1 ... Data distribution management system, 100 ... Data distribution apparatus, 110 ... Distributed data processing unit, 120 ... Pointer file processing unit, 121 ... Identification information generation unit, 122 ... ID generation unit, 130 ... Distributed processing unit, 131 ... Distribution unit, 132 ... Collection unit, 133 ... Server list, 140 ... Interface unit, 150 ... Pointer file, 160 ... User information, 170 ... Identification information, 171 ... Original file ID (FID), 172 ... Torrent file ID (FID), 173 ... User ID, 200, 200a, b ... Server, 210 ... Distributed storage unit, 300 ... Network, 400 ... Original data, 410 ... Distributed data.
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
Description
<Embodiment 1>
The data distribution management system according to the first embodiment of the present invention is a system that distributes and stores a plurality of distributed data, handled collectively in correspondence with original data such as important data, in storage devices such as other data centers and servers. It does not have distribution management information including information on the location of each distributed data, that is, in which data center or server it is stored. In the present embodiment, instead of such distribution management information, the data distribution apparatus that performs distributed storage of data generates and holds identification information for identifying each original data, and adds the identification information to the header information of each distributed data. This makes it possible to collect the necessary distributed data without requiring information on the location of the data center or server where each distributed data is stored.
[System configuration]
FIG. 1 is a diagram showing an outline of a configuration example of the data distribution management system according to the first embodiment of the present invention. The data distribution management system 1 has a configuration in which the data distribution apparatus 100 and one or more servers 200 are connected to each other via a network 300 such as the Internet and can communicate with each other. A configuration having a plurality of data distribution apparatuses 100 is also possible.
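[Processing flow (distributed storage)]
FIG. 3 is a diagram showing an outline of an example of processing when the original data 400 is associated with a plurality of distributed data 410 and these are distributed and stored. In the data distribution apparatus 100, when an instruction to save the original data 400 is received from the user via the interface unit 140, first, the distributed data processing unit 110 generates one or more distributed data 410 from the original data 400 (S01). In the present embodiment, as described above, for example, n pieces of distributed data 410, from which the original data 400 cannot be restored unless k or more are collected, are generated from the original data 400 by the (k, n) threshold secret sharing method. As a result, the original data 400 and the n pieces of distributed data 410 are associated with each other.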
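[Processing flow (original data acquisition)]
FIG. 4 is a diagram showing an outline of an example of processing when collecting a plurality of distributed data 410 and obtaining the original data 400 from them. In the data distribution apparatus 100, when an instruction to refer to the original data 400 (including reference for editing) is received through a user operation on the pointer file 150 via the interface unit 140, first, the pointer file processing unit 120 acquires the contents of the identification information 170 included in the pointer file 150 (S11). Next, based on the information of the current FID 172 in the identification information 170, the collection unit 132 of the distributed processing unit 130 inquires of each server 200 whether it holds the corresponding distributed data 410 (S12).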
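[Processing flow (ID lock)]
In the present embodiment, for example, when the portable terminal that is the data distribution apparatus 100 is stolen or lost, the risk of leakage of the original data 400 can be reduced because, as described above, the data distribution apparatus 100 does not hold the original data 400 and also does not have distribution management information including information on the storage location (server 200) of each distributed data 410.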
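[Processing flow (pointer file restoration)]
FIG. 6 is a diagram showing an outline of an example of processing for restoring the pointer file 150 when it does not exist on the data distribution apparatus 100. In the present embodiment, when an information processing apparatus different from the original data distribution apparatus 100 (the data distribution apparatus 100 having the pointer file 150 corresponding to the original data 400) is newly used as the data distribution apparatus 100, for example when the data distribution apparatus 100 has been stolen or lost, or when another terminal is used on a business trip, the pointer file 150 (and the identification information 170 included therein) is restored to enable access to the original data 400 or the corresponding distributed data 410.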
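<Embodiment 2>
In the configuration of the first embodiment described above, as shown in FIG. 1, if k or more of the n servers 200 that store the distributed data 410 corresponding to the original data 400 are operating normally and k or more pieces of distributed data 410 can be collected from these servers 200, the original data 400 can be restored. That is, it has high availability in that the original data 400 can be restored normally as long as the number of servers 200 from which the distributed data 410 cannot be acquired due to a failure or the like is (n - k) or less.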
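<Embodiment 3>
In the first embodiment described above, the distributed processing unit 130 of the data distribution apparatus 100 selects n servers 200 that respectively store the n pieces of distributed data 410 generated from the original data 400 by the distributed data processing unit 110. As described above, these servers 200 are selected, for example, by rotation or random extraction from the servers 200 registered in the server list 133. At this time, a process of inquiring of each server 200 whether the distributed data 410 can be stored (that is, the operating status of the server 200) may be performed.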
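DESCRIPTION OF SYMBOLS
1 ... Data distribution management system,
100 ... Data distribution apparatus, 110 ... Distributed data processing unit, 120 ... Pointer file processing unit, 121 ... Identification information generation unit, 122 ... ID generation unit, 130 ... Distributed processing unit, 131 ... Distribution unit, 132 ... Collection unit, 133 ... Server list, 140 ... Interface unit, 150 ... Pointer file, 160 ... User information, 170 ... Identification information, 171 ... Original file ID (FID), 172 ... Torrent file ID (FID), 173 ... User ID,
200, 200a, b ... Server, 210 ... Distributed storage unit,
300 ... Network,
400 ... Original data, 410 ... Distributed data.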
Claims (11)
- 記憶装置を有する複数の情報処理装置と、前記各情報処理装置とネットワークを介して接続され、元データに対応して一括して取り扱われる1つ以上の分散データを前記情報処理装置の前記記憶装置にそれぞれ分散保管するデータ分散装置とを有するデータ分散管理システムであって、
前記データ分散装置は、
前記元データと1つ以上の前記分散データとの対応付けに係る処理を行う分散データ処理部と、
前記元データを識別して特定可能とする識別情報を生成し、前記元データに対応する、前記識別情報を含むポインタファイルを生成するポインタファイル処理部と、
前記元データに対応する前記識別情報がそれぞれ付加された、前記元データに対応する前記各分散データを、それぞれ異なる前記情報処理装置に送信する分散処理部とを有し、
前記各情報処理装置は、
前記データ分散装置から送信された前記分散データを、前記記憶装置に格納する分散保管部を有することを特徴とするデータ分散管理システム。 A plurality of information processing devices having a storage device, and one or more distributed data connected to each of the information processing devices via a network and handled collectively in correspondence with the original data; A data distribution management system having a data distribution device for distributed storage in each
The data distribution device includes:
A distributed data processing unit that performs processing related to the association between the original data and one or more of the distributed data;
A pointer file processing unit that generates identification information that identifies and identifies the original data, and generates a pointer file that includes the identification information and corresponds to the original data;
A distributed processing unit for transmitting each of the distributed data corresponding to the original data to each of the different information processing devices, to which the identification information corresponding to the original data is added,
Each of the information processing devices
A data distribution management system comprising: a distributed storage unit that stores the distributed data transmitted from the data distribution apparatus in the storage device. - 請求項1に記載のデータ分散管理システムにおいて、
前記データ分散装置の前記分散処理部は、
ユーザにより指定された前記ポインタファイルが有する前記識別情報の全部または一部を指定して、前記各情報処理装置に対して、前記識別情報の指定された部分に対応する前記分散データを保持しているか否かを問い合わせる第1のメッセージをブロードキャストし、
前記各情報処理装置の前記分散保管部は、
前記第1のメッセージに指定された前記識別情報の指定された部分に合致する前記識別情報を含む前記分散データが自身の前記記憶装置に保管されているかを検索し、保管されている場合は該当する前記分散データを前記データ分散装置に送信し、
前記データ分散装置の前記分散データ処理部は、
前記各情報処理装置から送信された前記分散データに基づいて対応する前記元データを取得することを特徴とするデータ分散管理システム。 In the data distribution management system according to claim 1,
The distributed processing unit of the data distribution apparatus includes:
All or part of the identification information included in the pointer file designated by the user is designated, and the distributed data corresponding to the designated part of the identification information is held for each information processing apparatus. Broadcast a first message asking whether or not
The distributed storage unit of each information processing apparatus,
A search is performed to determine whether the distributed data including the identification information that matches the specified part of the identification information specified in the first message is stored in its own storage device. Transmitting the distributed data to the data distribution device,
The distributed data processing unit of the data distribution apparatus includes:
A data distribution management system, wherein the corresponding original data is acquired based on the distributed data transmitted from the information processing apparatuses. - 請求項2に記載のデータ分散管理システムにおいて、
前記データ分散装置の前記分散処理部は、
ユーザにより指定された前記識別情報の全部または一部の値を指定して、前記各情報処理装置に対して、対応する前記分散データの使用を制限する旨の第2のメッセージをブロードキャストし、
前記各情報処理装置の前記分散保管部は、
前記第2のメッセージに指定された前記識別情報の指定された部分の情報をロックリストに登録し、さらに、前記第1のメッセージに指定された前記識別情報の指定された部分に合致する前記識別情報を含む前記分散データを検索する際に、前記分散データに含まれる前記識別情報が前記ロックリストに登録された内容を含む場合には、該当する前記分散データの使用を制限することを特徴とするデータ分散管理システム。 In the data distribution management system according to claim 2,
The distributed processing unit of the data distribution apparatus includes:
Specifying all or part of the identification information specified by the user, and broadcasting a second message to the respective information processing devices to limit the use of the corresponding distributed data,
The distributed storage unit of each information processing apparatus,
The information of the specified part of the identification information specified in the second message is registered in a lock list, and the identification that matches the specified part of the identification information specified in the first message When searching for the distributed data including information, if the identification information included in the distributed data includes contents registered in the lock list, the use of the corresponding distributed data is restricted. Distributed data management system. - 請求項1~3のいずれか1項に記載のデータ分散管理システムにおいて、
前記データ分散装置の前記分散処理部は、
ユーザにより指定された前記識別情報のうちの前記ユーザを特定する値を指定して、前記各情報処理装置に対して、対応する前記識別情報を保持しているか否かを問い合わせる第3のメッセージをブロードキャストし、
前記各情報処理装置の前記分散保管部は、
前記第3のメッセージに指定された前記ユーザを特定する値に合致する前記識別情報を含む前記分散データが自身の前記記憶装置に保管されているかを検索し、保管されている場合は、該当する前記分散データに含まれる前記識別情報を前記データ分散装置に送信し、
前記データ分散装置の前記ポインタファイル処理部は、
前記各情報処理装置から送信された前記識別情報に基づいて対応する前記ポインタファイルを復元することを特徴とするデータ分散管理システム。 The data distribution management system according to any one of claims 1 to 3,
The distributed processing unit of the data distribution apparatus includes:
A third message that specifies a value that identifies the user among the identification information specified by the user and inquires of each information processing apparatus whether or not the corresponding identification information is held. Broadcast,
The distributed storage unit of each information processing apparatus,
If the distributed data including the identification information that matches the value specified for the user specified in the third message is stored in the storage device of the third message, and if stored, it corresponds Transmitting the identification information included in the distributed data to the data distribution device;
The pointer file processing unit of the data distribution apparatus is
A data distribution management system which restores the corresponding pointer file based on the identification information transmitted from each information processing apparatus. - 請求項1~4のいずれか1項に記載のデータ分散管理システムにおいて、
前記識別情報は、前記元データ全体を識別するID情報と、前記元データが編集された際のバージョン毎の前記元データを識別するID情報と、前記元データの作成もしくは編集を行ったユーザを識別するID情報とを含むことを特徴とするデータ分散管理システム。 The data distribution management system according to any one of claims 1 to 4,
The identification information includes ID information for identifying the entire original data, ID information for identifying the original data for each version when the original data is edited, and a user who created or edited the original data. A data distribution management system comprising ID information for identification. - 請求項1~5のいずれか1項に記載のデータ分散管理システムにおいて、
前記データ分散装置の前記分散データ処理部は、
前記元データから秘密分散法により複数の前記分散データを生成し、また、複数の前記分散データから前記秘密分散法により前記元データを復元することを特徴とするデータ分散管理システム。 In the data distribution management system according to any one of claims 1 to 5,
The distributed data processing unit of the data distribution apparatus includes:
A data distribution management system, comprising: generating a plurality of the shared data from the original data by a secret sharing method; and restoring the original data from the plurality of the distributed data by the secret sharing method. - 請求項1~6のいずれか1項に記載のデータ分散管理システムにおいて、
前記各情報処理装置の前記分散保管部は、
前記データ分散装置から送信された、前記元データに対応する前記分散データを前記記憶装置に格納する際に、前記元データに対応する過去の前記分散データが存在する場合は、過去の前記分散データを残した上で格納することを特徴とするデータ分散管理システム。 The data distribution management system according to any one of claims 1 to 6,
The distributed storage unit of each information processing apparatus,
When the distributed data corresponding to the original data transmitted from the data distribution device is stored in the storage device, if the past distributed data corresponding to the original data exists, the past distributed data A data distribution management system characterized in that the data is stored after being stored. - 請求項7に記載のデータ分散管理システムにおいて、
前記各情報処理装置の前記分散保管部は、
所定のタイミングで、所定の世代数よりも過去の前記元データに対応する前記分散データを削除することを特徴とするデータ分散管理システム。 In the data distribution management system according to claim 7,
The distributed storage unit of each information processing apparatus,
A data distribution management system, wherein the distributed data corresponding to the original data past a predetermined number of generations is deleted at a predetermined timing.
- The data distribution management system according to claim 8, wherein
the distributed processing unit of the data distribution apparatus broadcasts, to each information processing apparatus, a fourth message that designates information specifying the original data of the version to be preserved, as designated by the user, and that restricts deletion of the distributed data corresponding to that original data, and
the distributed storage unit of each information processing apparatus registers, in a list, the information specifying the version of the original data designated in the fourth message, and, when deleting the distributed data corresponding to the original data past the predetermined number of generations, restricts deletion of the corresponding distributed data if the identification information included in that distributed data includes information specifying original data registered in the list.
- The data distribution management system according to any one of claims 1 to 9, wherein
the data distribution apparatus comprises a plurality of file servers or a plurality of virtual file servers.
- The data distribution management system according to any one of claims 1 to 10, wherein
the identification information further includes attribute information about the original data, and
the distributed processing unit of the data distribution apparatus selects the information processing apparatus capable of storing the distributed data based on access right information set for each information processing apparatus and on the attribute information in the identification information added to the distributed data.
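A minimal sketch of the deletion hold described in the claim on the fourth message and the per-node list, added here as an illustration and not taken from the patent; the class, field and function names and the sample data are assumptions. It also shows what happens to the pinned version when the broadcast reaches only some of the nodes.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Share:
    """One piece of distributed data plus its identification information."""
    data_id: str   # identifies the original data (assumed field name)
    version: int   # generation of the original data (assumed field name)

@dataclass
class StorageNode:
    keep_generations: int                        # the "predetermined number of generations"
    shares: list = field(default_factory=list)
    hold_list: set = field(default_factory=set)  # (data_id, version) pairs exempt from pruning

    def on_hold_message(self, data_id, version):
        """Handle the fourth message: register the version the user wants preserved."""
        self.hold_list.add((data_id, version))

    def prune(self):
        """Delete shares older than keep_generations unless their identification
        information matches the hold list. Returns the deleted (data_id, version) pairs."""
        newest = {}
        for s in self.shares:
            newest[s.data_id] = max(newest.get(s.data_id, s.version), s.version)
        kept, deleted = [], []
        for s in self.shares:
            too_old = s.version <= newest[s.data_id] - self.keep_generations
            if too_old and (s.data_id, s.version) not in self.hold_list:
                deleted.append((s.data_id, s.version))
            else:
                kept.append(s)
        self.shares = kept
        return deleted

def surviving_shares(nodes, data_id, version):
    """Count nodes that still hold a share of the given version."""
    return sum(any(s.data_id == data_id and s.version == version for s in n.shares)
               for n in nodes)

def demo(nodes_receiving_hold):
    """Constructed scenario: 3 nodes, versions 1..5, keep 2 generations, pin version 2."""
    nodes = [StorageNode(keep_generations=2) for _ in range(3)]
    for n in nodes:
        n.shares = [Share("report.doc", v) for v in range(1, 6)]
    for n in nodes[:nodes_receiving_hold]:       # simulate a partially delivered broadcast
        n.on_hold_message("report.doc", 2)
    deleted = [n.prune() for n in nodes]
    return deleted, surviving_shares(nodes, "report.doc", 2)

if __name__ == "__main__":
    print(demo(3))  # hold reached every node
    print(demo(2))  # one node missed the hold
```

With a k-of-n sharing scheme, the pinned version stays restorable only while the surviving count is at least k, so a node that missed the hold is worth detecting before pruning runs.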
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2013541726A JP5667702B2 (en) | 2011-11-01 | 2012-10-24 | Data distribution management system |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JPPCT/JP2011/075211 | 2011-11-01 | ||
PCT/JP2011/075211 WO2013065134A1 (en) | 2011-11-01 | 2011-11-01 | Data distribution management system |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2013065544A1 (en) | 2013-05-10 |
Family
ID=48191528
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2011/075211 WO2013065134A1 (en) | 2011-11-01 | 2011-11-01 | Data distribution management system |
PCT/JP2012/077460 WO2013065544A1 (en) | 2011-11-01 | 2012-10-24 | Data distribution management system |
Country Status (1)
Country | Link |
---|---|
WO (2) | WO2013065134A1 (en) |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH09128380A (en) * | 1995-10-30 | 1997-05-16 | Matsushita Electric Ind Co Ltd | Document storing and managing system |
JP2005310126A (en) * | 2004-03-26 | 2005-11-04 | Ntt Neomate Corp | Distributed data storage device, data constitution management server therefor, client terminal, and job consignment system comprising distributed data storage device |
JP2006189925A (en) * | 2004-12-28 | 2006-07-20 | Senken:Kk | Private information management system, private information management program, and private information protection method |
JP2007334417A (en) * | 2006-06-12 | 2007-12-27 | Nippon Telegr & Teleph Corp <Ntt> | Distributed information sharing method and terminal equipment |
JP2008046860A (en) * | 2006-08-16 | 2008-02-28 | Fuji Xerox Co Ltd | File management system and file management method |
JP2011198325A (en) * | 2010-03-24 | 2011-10-06 | Hitachi Solutions Ltd | Method and system for performing safe bringing-out of file data to outside |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2016186782A (en) * | 2014-06-27 | 2016-10-27 | パナソニックIpマネジメント株式会社 | Data processing method and data processor |
JP2019054363A (en) * | 2017-09-14 | 2019-04-04 | 株式会社日立システムズ | Server device, secret dispersion management system and secret dispersion management device |
JP2022050700A (en) * | 2017-09-14 | 2022-03-30 | 株式会社日立システムズ | Secret sharing management system, secret sharing management device, and program |
JP7277624B2 (en) | 2017-09-14 | 2023-05-19 | 株式会社日立システムズ | Secret sharing management system, secret sharing management device and program |
JP2020194462A (en) * | 2019-05-29 | 2020-12-03 | 株式会社ミウラ | Virus-free/restoration system, virus-free/restoration method, virus-free/restoration program and recording medium |
Also Published As
Publication number | Publication date |
---|---|
WO2013065134A1 (en) | 2013-05-10 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 12845246; Country of ref document: EP; Kind code of ref document: A1 |
| | ENP | Entry into the national phase | Ref document number: 2013541726; Country of ref document: JP; Kind code of ref document: A |
| | NENP | Non-entry into the national phase | Ref country code: DE |
| | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/08/2014) |
| | 122 | Ep: pct application non-entry in european phase | Ref document number: 12845246; Country of ref document: EP; Kind code of ref document: A1 |