JP2003528399A - Internet personal safe service and method - Google Patents

Abstract

(57) [Summary] [Problem] Internet personal safe service checks the virus vaccine version at the time of primary login and data storage of a customer, updates a new version of the virus prevention program, and compresses the file at the time of data storage. An optimal structure for securely storing important data by encryption, and a user data compensation system capable of compensating for loss or loss of user data. The present invention relates to an internet personal safe service. The internet personal safe service according to the present invention comprises a main control server for connecting first, authenticating and registering a user and paying a service server, and storing data. Data backup device, and an Internet personal safe service that can be mounted on the main control server or can be configured separately, and is configured with a web server for starting a homepage that provides services for service publicity and user registration, It supports TCP / IP communication through PPP for telephone connection users, and is equipped with an automatic response service processing device installed at the forefront regardless of server software, and as a data storage device used in the same LAN network. Backup data A network array device to be stored, a service server that is configured in parallel with N machines and performs storage, backup, and restoration operations for data of authenticated users, and a system management device that monitors the current state of the system. It is characterized by comprising. The Internet personal safe service according to the present invention can securely store, backup and restore user data by providing a service for compensating for data loss and loss.

Description

Detailed Description of the Invention

[0001]

TECHNICAL FIELD OF THE INVENTION

The present invention relates to an Internet personal safe service, and more specifically, securely stores, backs up, and restores data of an authenticated customer by allowing a user to evaluate the value of his or her own stored materials through the Internet. It is related to the Internet personal safe service.

[0002]

[Prior art]

Generally, data is damaged in a computer backup system.
Provided a backup copy of the data stored on a storage device, such as a hard disk or fixed disk, simply to protect against loss or possible infection by computer virus.

The backup data can be exchanged by connecting two or more computers by introducing a network system so that mutual data can be exchanged in a storage device (floppy (registered trademark) diskette or magnetic tape). It is possible, and information can be exchanged with computers in other countries through the Internet. However, since anyone can directly access the resource to another computer, one or more applications may occur in the same storage means, and a computer virus may be propagated. However, virus vaccine software for treating the virus can only protect against viruses that are commonly presented to the particular form of virus that the software is programmed to recognize. Therefore, virus protection programs need to be updated as often as possible in order to treat new versions of the virus, which is expensive and time consuming, and is not a matter of administrative control over whether updates are done regularly. Often cause problems.

Also, many users connect to the Internet using the TCP / IP protocol, which allows personal computers to access information and services.
The Internet offers remote users as diverse a layer of access as possible. The news layer in the access layer provides various news information related to the computer such as occurrence of a new computer virus or rental information for new system and hardware products. Telnet provides remote logon to remote systems connected to the Internet. In addition, NFS (Network F
The file system) and RFS (Remote File System) allocate and configure at least a part of the local system so as to operate like a file system on the network. Drives of remote systems defined using NFS and RFS can be provided by other remote systems on the Internet. In addition, FTP (File Transfer Proto)
It is possible to access a file existing in a remote system on the Internet by using col). On the other hand, the PPC provides an interconnection between the remote system and the Internet, which allows the remote system to have a connection point defined by the Internet. Then, a unique address can be assigned within the Internet system using a PPC that allows other remote systems to access the defined remote system.

However, the problem with the Internet is that the local computer can directly access the resources of another computer, which may cause a boot sector virus in the local computer. For example, a boot sector virus may be introduced into the remote computer's disk that can be infected by the virus the next time the remote computer is booted. When creating a local file system that can be networked, NFS and RFS are optional controls, ie control of public access such as user settings and mandatory control, ie attribute control for each purpose in the system. Use security control for. By using such security control, a remote user with proper authority can directly access the storage device of the remote system. Therefore, this may result in the opportunity to transmit the virus-infected data and programs to the remote system.

Local Area Network (LAN) is another common method for connecting computers. Many corporations store most or all of their important data in special shared personal computers called file servers, and user computers can use LAN or WAN (Wide A).
A shared file server can be accessed through a high speed data network such as rea network). That is, such a LAN can communicate with user computers to communicate with each other and within a small area limited to permit sharing of central resources such as printers, data storage devices, and remote data communications. Connect equipment. The interconnection of computers using such a LAN provides a more efficient and faster means for transmitting data than a typical file transmission method, allowing any LAN user to access printers, storage devices, and telecommunications links. Sharing such resources can save money.

An example of using a LAN for shared information is that a user edits a word processing document stored in a shared file server. The user computer transmits an electronic request associated with it to edit the document over the local area network. The file server receives the request, processes it, and transmits the requested document into an electronic message addressed to the user computer through the network. The user computer stores the document in its internal memory for editing. After editing, the user computer can simply store the document on the user computer's hard disk or floppy disk drive. However, the edited document can be recorded again on the file server through the network in the same place or where it can be searched by other users.

However, the biggest problem with such a LAN is that the user can directly and transparently access resources to another computer. An inexperienced user can propagate computer viruses. A computer virus is a special kind of computer program that imitates computer operation, and a computer is infected with such a virus by transmitting a computer program that can be executed by another computer. Since all such viruses temporarily waste computer resources, data stored in the computer may be damaged. Although virus protection software can be stored on a computer to protect it from virus infection, such anti-virus software is simply a virus that commonly appears in certain forms of virus that the software is programmed to recognize. You can protect the program only against. Whenever a new version of a computer virus occurs, preventive programs to treat the new version of the virus need to be updated as often as possible, and such anti-virus updates are expensive and time consuming. Has the problem of increasing. In addition, it sometimes causes management problems as to whether the updates are regularly performed.

However, even if the personal and company materials are stored and backed up by the method described above, problems that actually occur when the user's software is used, user's operation failure, and a computer owned by the user individually Personal and company materials may be lost or lost due to hardware problems. Such problems are the loss or loss of data due to the user's lack of understanding of the computer system, which is due to the user's lack of understanding and incorrect situation settings.

Therefore, the Internet personal safeguard service has been introduced as a method for securely storing important data of individuals and companies by a specialist in a remote place through the Internet or a network. Such an Internet personal safe service provides a storage device for remote storage of data in a customer's PC, gives a user ID and password to a user who uses the storage device, and stores the customer data automatically or manually. It is to manage. Such an Internet personal safe service compresses and transmits data in a certain format to increase the transmission efficiency of data on the Internet, and also provides an encrypted secret key and data to each individual for the security of customer data. Perform encryption work.

The existing method of the Internet personal safe service described above includes US Pat.
1, 354 citing examples can be cited, through which the existing method of the Internet personal safe service will be described.

FIG. 1 is a block diagram of an Internet personal safe service according to an existing method.

As shown in FIG. 1, the existing Internet personal safe services are roughly classified into an online service system 100 and a user computer 50, and a shared service for data transmission between the online service system 100 and the user computer 50. The communication network 150 is used. The online service system 100 includes one or more main processors 106, a main storage device 108, a communication controller 112, one or more high speed printers 114, one or more large capacity disks 106 and a tape storage medium. IBM AS / 400 host computer 104 configured with a peripheral device controller 110 for controlling other peripheral devices such as a large-capacity storage device 118, a customer-dedicated disk 164 for storing customer data, and customer data. It is composed of a customer service dedicated computer 160 for storing and processing data and the user computer 50 through the shared communication network 150 and modems 102 and 162 for data transmission. The shared communication network 15
0 is ISDN (Integrated Service Data Network)
rk), X. A shared data network such as 25, a LAN, or the like can be used. The user computer 50 may be a personal computer including a modem 80, and the modem 80 is used when the personal data is transmitted to the online service system 100 through the shared communication network 150. .

The existing Internet personal safe service configured as described above sets a virtual disk drive in the online service system 100, allocates it to a user who wants to store data, and then the virtual disk drive is set by the user. The user computer 50 uses a virtual disk drive to store its own data. That is, the online service system 100
That is, a certain amount of memory space is set, and after setting this as a virtual disk drive, the user can store his / her own data in the virtual disk drive through the shared communication network 150.

That is, the existing Internet personal safe service described above uses a virtual disk drive to allow a user to store his / her data as if it were a part of the disk drive in his / her computer.

The Internet personal safe service of this type is not a method of storing its own data in a remote device using the Internet or other different shared communication networks,
This is simply a method of assigning a storage device of a certain capacity to a virtual disk drive at a remote location and then using it as a part of the disk drive in the user's computer, which is a problem of the method described above. Can't be seen as a complete solution.

That is, it can be considered that the problems that occur when a local computer at another place accesses its own computer and the problems with viruses are included as they are. In other words, the method of storing data by the existing method described above is different only in that the data is stored at a remote place by using the Internet or another shared communication network, and in reality, it is online. Since the storage device of a certain capacity provided by the service system is recognized as a part of the disk drive in the user's own computer, this directly involves the problem of the data storage method described above.

In addition, in the existing Internet personal safe service, the user's data storage location is recognized as a disk drive in the user's own computer, and the user's data is lost or lost. There is no way to do it.

[0019]

[Problems to be Solved by the Invention]

In order to solve the above-mentioned problems, the Internet personal safe service according to the present invention performs backup and restore to authenticated customers who are connected to the Internet backup service and customers in the same group as the authenticated customers. The purpose is to confirm the version of the virus vaccine at the time of the customer's primary login and data storage so that the new version of the virus prevention program is updated.

In order to solve the above-mentioned problems, the Internet personal safe service according to the present invention is an Internet personal safe service with an optimum structure that can compress and encrypt files at the time of data storage to safely store important data. To present for another purpose.

In addition, in order to compensate for the loss and loss of user data, the Internet personal safe service according to the present invention also presents a user data compensation system that can compensate for lost or lost user data. For other purposes.

[0022]

[Means for Solving the Problems]

In order to achieve the above object, the Internet personal safe service according to the present invention comprises a main control server for initially connecting, performing user authentication and registration, and paying a dividend to a service server, a data backup device for storing the data, In the Internet safe service system that can be installed in the main control server or can be separately configured, and is configured with a web server for launching a homepage that provides services for service publicity and user registration, for telephone connection users. It also supports TCP / IP communication via PPP, and stores backup data as a data storage device used in the same LAN network as the automatic response service processing equipment provided at the forefront regardless of server software. Network array equipment , N machines are configured in parallel and consist of a service server for storing, backing up and restoring the data of the authenticated user, and a system management device for monitoring the current status of the system. Characterize.

In addition, in order to achieve the above-mentioned object, the Internet personal safe service according to the present invention includes a main control server that a customer first connects, authenticates and registers a user, and pays a dividend to a service server. Internet personal safe service consisting of a data backup device to store and a web server that can be installed in the main control server or can be separately configured to launch a homepage that provides services for users and services In, the user module program provided in the user computer for the user to use the Internet safe service, the main control server process that is the first to accept the user's connection and perform the role of authentication, registration and distribution, and the authentication or registration procedure. A service server process that actually performs backup and restore functions of data on the Internet or Intranet for the depressed user, and a function of changing and monitoring any changes on the PD-IBS server side. However, a system management process that operates in conjunction with a billing process, a CD-ROM manufacturing process that manufactures and provides user data on a CD-ROM, and log information recorded in each of the server processes and The user database information is integrated and the usage fee and usage amount are summarized, and the billing process that works in conjunction with the system management process and the user compensation process for lost or lost data are performed. With user compensation process to carry out Characterized in that it is made.

[0024]

DETAILED DESCRIPTION OF THE INVENTION

The structure of the Internet personal safe service according to the present invention is roughly classified into a web version composed of JAVA (registered trademark), ASP, CGI, etc. on the web. A user uses a dedicated program, a server program, and a user in a data center. Authentication and traffic environment analysis, a control server that appropriately distributes communication servers, a user server and a service server that handles data transfer and transfers data to the storage device. The storage device includes a system constructed by an NFS server and a system constructed by a general disk array. The stored data is backed up twice daily by an offline storage device such as a separate tape connected on the network.

In connection with security in the above-mentioned system, in order to store important documents of an individual or an enterprise in a remote place in a secure environment, data is encrypted via a user level and encrypted via a network or the Internet. Since it reaches the center safely, data security can be maintained even if data is interrupted by someone on the network or Internet route. The 128-bit SEED encryption algorithm developed and supplied by the domestic information protection center is used as the encryption algorithm. The encryption method is a private key method, and an arbitrary 7-digit number or character designated by the user is used as an encryption key to be symmetrical with the data for encryption. Therefore, the contents of the data cannot be confirmed in any case without the encryption key specified by the user. When a user is performing a backup on a certain PC and wants to restore some of the files backed up from other PCs, the user must be logged in and the specified encryption key should be the first one. . In some cases, only the user knows the encryption key and does not transmit it to the administrator database of the data center, and in some cases, the user permits the transmission in the environment setting and deals with the case of loss.

There are options that can be selected through several settings in performing a backup. Even if a file having the same file name has already been backed up, it can be overwritten by ignoring it, or even if the file names are the same, if the generation date is different, a method of backing up by date can be selected. Such a method is necessary for managing a program source file, especially for software engineers.

The main functions of the Internet personal safe service according to the present invention described above will be described below.

(1) Schedule Backup Function No matter how good the system is, if the data is lost while failing to perform the backup, the backup system itself can be meaningless. Therefore,
The Internet personal safe service according to the present invention is provided with a schedule backup function for automatically backing up a designated folder or file according to a designated date and time. Therefore, if automatic backup is performed continuously and regularly, even if any failure or damage to your disk due to a virus occurs, you can completely restore data up to a day before. .

(2) Virus Search and Healing Function Since storing a file once infected with a virus may cause an adverse effect of spreading the virus later, any target file to be backed up must be You should check for infections through the latest virus search engine, and if you should be able to cure the virus automatically or manually. Even if the latest virus passes the search and is stored in the data center of the Internet personal safe service according to the present invention, no files are executed in the data center. Propagation is impossible.

(3) Login List Confirmation Function A login list confirmation function is added to confirm what work the user has done in the data center in the past. The login information created locally in the Internet personal safe service according to the present invention is based on the same contents on the server of the data center, and if any, it is important to confirm the existence of the same file. It is used as a material. The most important reason for maintaining such records is to store the data after confirming that the data was damaged when the user transmitted the damaged data to the data center under the circumstances that the user could not recognize. If you claim that your data has been damaged, it will be an important source of evidence to resolve the problem. In the service contract, the basis for determining the identity of a specific file is defined based on the login material of the user who remains as material in the system. That is, if the file damaged at the present time by the login information exactly matches the file information at the time of transmission from the first user, it is regarded as the same file. Therefore, the user can confirm that the damaged file has been transmitted.

(4) Data Insurance A function of financially compensating for loss of a part or the whole of a file in the data center of the Internet personal safe service according to the present invention. As mentioned above, when the information of a specific file is changed during storage by the user login information and damage is caused, it is compensated by a fixed amount per ID in monetary amount. The feature of this function is that if the user arbitrarily judges the value standard of the data and accordingly pays an additional monthly fee, the damaging liquid due to it can be surely compensated.

(5) Data compression The transmission rate in the data transmission process has important meaning in a situation where data backup must be repeated frequently. Therefore, the service includes various efforts to double the transmission efficiency of files in consideration of the transmission speed of existing service users. A typical function thereof is a compression function, and the Internet personal safe service according to the present invention uses a compression program called LZH to compress and store user data. Although there is a difference in compression rate depending on the form of data, in the case of general documents, the average compression rate is close to 40%. Therefore, if the service capacity is 10 MB, the time capacity based on compression can be expected to be an effect of using a space of about 16 MB or more, and at the same time, the efficiency of shortening the file transmission time can be expected. In addition, when a small part of the same file as the existing backed up file is changed, this is confirmed and only the last few lines of the changed part are transmitted and this is updated to the existing file. The incremental backup method is also used.

(6) Utilization of communication network The Internet personal safe service according to the present invention also includes a portion of the website that allows a complete service without the need for separate download or installation outside the client / server environment. All services will support related functions such as backup, restore and search on the Internet and will be provided with related additional services. PIMS (Personal Information Management)
(T System), a personal information management function, Internet E-mail, a message associated with a mobile communication terminal, and the like, and a single message system (Unified Message) that connects all communication terminals such as a fax machine and a telephone.
g System). In the case of a personal PDA, complete data matching between the personal PDA and a designated desktop PC or notebook PC is automatically performed without any troublesome procedures such as existing data synchronization, and in some cases there is no terminal. Even in the state, the user can log in through the telephone and receive the main information by voice, fax or e-mail.

[0034]   Hereinafter, the present invention will be described in detail with reference to the accompanying drawings.

FIG. 2 is a block diagram illustrating an Internet personal safe service according to the present invention, and FIG. 3 is a flowchart of an overall operating state of the Internet personal safe service according to the present invention.

First, the configuration of the Internet personal safe service according to the present invention will be described with reference to FIG.

As shown in FIG. 2, the Internet personal safe service according to the embodiment of the present invention includes a main control server 200 that first connects, authenticates and registers a user, and pays a dividend to a service server. Data backup device 21 for storing
0, can be installed in the main control server or can be separately configured,
In the Internet personal safe service, which is composed of a web server 220 for launching a homepage that provides services for service publicity and user registration, TCP / IP communication through PPP is supported for telephone connection users, and The automatic response service processing equipment 230 provided at the forefront regardless of the server software, the network array device 240 for storing backup data as a data storage device used in the same LAN network, and N machines are configured in parallel. The service server 250 stores and backs up and restores data of an authenticated user, and a system management device 260 for monitoring the current status of the system.

Even if desired, the main control server 200 and the data backup device 21
0 and the web server 220 are also configured in the existing system, but the Internet personal safe service according to the present invention is configured to have a different structure and function.

That is, the main control server 200 receives the user information, compares it with the user information database, performs an authentication procedure for the user, and records the new information in the database by mutual communication with the unregistered user. As a result, the user is registered as a new user, and after checking the current usage status of the service server 250, the service server 250 transmits a route to be connected to the user side.

The main control server 200 searches the database for user registration information at the time of first authentication of the user, records login information in the system management device, and returns the authentication confirmation information at this time. The authentication confirmation information is used by the service server during secondary authentication. In addition, when the service server 250 is paid to the user, the main control server 200 also plays a role of transmitting a new connection path to the user.

The main control server 200 described above uses Windows NT (registered trademark) 4.0 or higher as an operating system, but the use thereof is not limited. That is, the operating system of the main control server 200 may be Unix or Linux. The hard disk capacity required by the main control server 200 is set as follows.

That is, the capacity of the hard disk is set by “size of operating system + size of database engine + (total number of users × size of authentication database per person) + size of execution module of the main control server 200”.

The data backup device 210 uses disks and tapes in the existing Internet personal safe service, but the Internet safe service system according to the present invention additionally uses the network array 240 to perform a backup operation for user data. Carry out. That is, the data backup device 210 is used as a place for storing and storing user data, and the network array 240 is used as a place for storing backup data of user data as a data storage device used in the same LAN network. In this way, it is possible to obtain the effect of storing the user data in duplicate, and thus it is possible to obtain the advantage that the user data can be stored more safely. In addition, the capacity of the network array 240 is'the capacity of the service server 250 ×
It is set by the number of the service servers 250 + the basic installed capacity of the driver of the network array 240 '.

The web server 220 is a server for activating a homepage for service publicity and user registration, and is operated under IIS (Internet Information Service) under the operating system of Windows NT 4.0 or higher.
er) 4.0 or higher, but there is no restriction on its use. Also,
The web server 220 may be separately configured, or may be separately installed and installed in the main control server 200.

On the other hand, the automatic answering service processing equipment 230 provides a P
TCP / IP communication through PP is supported, which operates separately from the software of the main control server, so that it can be configured at the front of the Internet personal safe service according to the present invention so that the telephone connection user can use the present invention. the Internet
Automatically respond when connecting to a personal safe service
.

In addition, the service server 250 is a server configured in parallel with N machines and performing a backup and restore operation of user data for an authenticated user. The function of controlling the network array 240 is performed, and the confirmation information provided at the time of authentication by the main control server 200 is used for reconfirmation, and the IP of the customer connected to limit the function and access authority. If an address is obtained and a user requests backup information, the backup information is transmitted and a file that is actually compressed and encrypted is transmitted using a file transmission protocol. Further, as the operating system of the service server 250, Windows NT 4.0 (Windows NT 4.0) or higher is used, but the use thereof is not limited. The capacity of the hard disk set in the service server 250 is set by "the size of the operating system + the size of the execution module of the service server 250", and the storage period of the user data is managed on a monthly basis.

Further, the system management device 260 monitors user registration and cancellation, addition and deletion of user data, and the current status of users who are currently connected, and searches and manages system logs according to the type. Preparations are made for storing backup data in a personal computer storage device, such as a floppy diskette, CD-ROM or magnetic tape. CD-which is a personal computer storage device
Storing backup data in ROM or floppy diskettes is difficult to do in real time and should be done manually by the system administrator. The backup data can be stored in two types according to the user's request, one can be made in the same security mode as the server data, and the other is to receive the decryption information from the user when requesting the production order. There is a general method of storing in the form of CD-ROM and floppy diskette.

On the other hand, FIG. 3 is a flow chart showing the overall operating state of the Internet personal safe service according to the present invention. The overall operating state of the Internet personal safe service according to the present invention will be described as follows. is there.

As shown in FIG. 3, the user first makes a connection request to the server (step 310). The server receiving the connection request of the user accepts the connection request of the user by encrypting and transmitting the public key to the user (step 311). After that, the user who receives the shared key from the server can use the session key (session key) encrypted with the shared key.
y) is transmitted to the server (step 312), and the user authentication registration request is transmitted to the server together with the user information (step 313). The server receiving the user authentication registration request in step 313 performs the user authentication confirmation work, and then permits the user authentication (step 314).

On the other hand, the server requests the archive list transmitted by the user (step 31).
For 5), the file list stored in the server is transmitted to the user (step 316). Thereafter, the user refers to the file list transmitted to the server and transmits the actual file stored in the server to the server (step 317). At this time, when the file is transmitted to the server, virus check and compression / encryption of the file are performed and then transmitted.

Also, the user sends a signal to the server requesting file recovery (step 3
18) Then, the file list to be restored is transmitted to the server (step 319). Thereafter, the server transmits the file stored in the server to the user (step 32).
0).

Also, after the user sends a signal to the server to delete the file (step 321), the file list to be deleted is transmitted to the server (step 322), and the server stores the file stored in the server. Deletion and a deletion confirmation signal are sent to the user (step 323).

A detailed description of a process structure illustrating an operation state of the Internet personal safe service according to the present invention described above will be described with reference to FIGS. 4 to 11.

First, FIG. 4 is a block diagram illustrating a structure of an operation process of the Internet personal safe service according to the present invention.

As shown in FIG. 4, the process of the Internet personal safe service according to the present invention includes a main control server that a customer first connects, authenticates and registers a user, and pays a dividend to the service server, and stores the data. Data backup device,
In the Internet personal safe service, which can be installed in the main control server or can be separately configured, and which is composed of a web server for launching a homepage that provides a service for service publicity and user registration, A user module program 410 provided in the user computer for using the service, and a main control server process 420 that first accepts a user's connection to perform authentication, registration and distribution.
And a service server process 430 for actually performing a data backup and restoration function on the Internet or an intranet for a user who has undergone an authentication or registration procedure, and changes of any changes on the PD-IBS server side. And a system management process 440 that performs a monitoring function and operates in conjunction with a billing process, a CD-ROM manufacturing process 450 that is provided by manufacturing user data on a CD-ROM, and each of the server processes. The recorded log information and user database information are integrated to perform a general arrangement on usage charges and usage amounts, and a billing process 460 that operates in conjunction with the system management process and data lost or lost by the user are collected. On the other hand, compensate the user Consisting of user compensation process 470.

As shown in FIG. 5, the user module program 410 inputs user's information such as user ID, password, and secret key to use the Internet personal safe service according to the present invention. 5
10 and a data backup storage process 52 for performing data backup
0, virus prevention process 530 that performs virus infection scan and cure for user files and download new virus scan engine
And a data restoration process 540 for performing a restoration operation of the stored file, and a group management process 550 for sharing data files among users in the same group.

On the other hand, as shown in FIG. 5, the data backup storage process 520 has an automatic backup designation function for backing up data at a designated time by designating a backup time by backup date and a day of the week. A backup method specification function that specifies whether to save only the latest file, or saves files by backup date and selects the full backup method or incremental backup method, and the password that changes the registered own password A change function, a backup file specification function that selectively specifies the disks, folders, and files to be backed up, a data compression function that transmits after compression to improve data transmission and reception efficiency, and a secret that the compressed data is specified by the user Using the key Includes a data encryption function that decrypts and restores an encrypted file when encrypted or transmitted.

In addition, as shown in FIG. 5, the data restoration process 540 not only restores the stored files, but also restores the files according to the backup date version, and is connected to the Internet. To be able to restore even on other computers.

Meanwhile, the main control server process 420 performs a process of authenticating and registering a user and managing a version of the user module program 410 used by the user, as shown in FIG. A user management process 610 for managing users who are using the evaluation version of the user module program, and a database management process 62 for managing a database for user information and a database for stored file information.
It consists of 0. In addition, the user management process 610 checks the current usage status of the service server 250 and then informs the user of a route to be connected to the user so that the user can continue to connect to this route and continue. It includes a balancing function that allows you to manage the load of the load balancer.

In addition, as shown in FIG. 7, the service server process 430 uses a file transmission / reception control process 710 for controlling transmission / reception of a file and a file system unique to a file transmitted from a user. It is composed of a file storage management process 720 to be operated.

Meanwhile, the file transmission / reception control process 710, as shown in FIG. 7, uses the confirmation information given at the time of authentication by the main control server 200 to perform a user re-authentication function. And an IP address filtering function that extracts the IP address of the user who has been connected in order to place restrictions on the user's function and access authority, and a file list transmission function that transmits a file list to the user when the user's backup information is requested. , A file transmission protocol function for actually transmitting a compressed and encrypted file using FTP, a file storage function for storing a file received together with a user's backup request, and the same file at the time of file storage Files to be processed or processed for non-identical files The comparison function and the file requested by the user are stored in the network array 2
And a file deletion function to delete at 40.

In addition, the file system of the file storage management process 720, as shown in FIG. 7, connects the data as information for connecting the file list information of the user and all the file information in the network array 240. An index part representing a ring and display information, and a file sent from the user, which is stored in the network array 240 by the service server process 430 under a new name, and the information corresponding thereto is recorded in the index part. Composed of and.

In addition, as shown in FIG. 8, the system management process 440 includes the function of the file transmission / reception control process 710, user IP address extraction availability and range registration, user registration and cancellation in the IP address filtering function, A system setting process 810 that performs addition and deletion of data, a system monitoring process 820 that monitors the current state of users who are currently connected, and a system that searches and manages system logs by types such as storage, classification, and deletion. A log management process 830, a media setting process 840 that sets a general PC medium for storing backup data, and a user status monitoring process 850 that monitors information of users who are using the service in real time. And a database management process 8 for managing the database in the server
And 60.

In addition, the CD-ROM manufacturing process 450 is performed as shown in FIG.
Storing the backup data on the D-ROM or diskette should be done manually by the administrator, which should first be prepared through the system management process 440 so that the administrator can view the order status and store it on the media. Is.
The CD-ROM may be backed up with the same security mode data as the server data or stored in a general CD-ROM and diskette form according to the user's request. At this time, the decryption information should be received from the user when the CD-ROM manufacturing order is requested.

As shown in FIG. 10, the billing process 460 calculates a fee breakdown and billing base material for use for a user who uses the backup service, and calculates a total use time and a connection for a predetermined number of days. The number of times, the change in the amount of data that has been moved, the coordination of materials with the person to be billed, the calculation of billing materials, etc.
The user evaluates the value of the file stored by the user and bears the usage fee.

The user compensation process 470, as shown in FIG. 11, reads the storage log information of the lost or lost user data to determine the data loss and the loss condition, and then the lost or lost data. To measure the value of the value and request compensation from the insurance company so that the user can be compensated for lost or lost data.

The overall operation status of the Internet personal safe service according to the present invention, which is constructed by the process described above, will be described in detail with reference to FIGS. 12 to 25.

First, FIG. 12 is a flow chart showing the overall operating state of the Internet personal safe service according to the present invention.

As shown in FIG. 12, the operation of the Internet personal safe service according to the present invention first causes the user to log in when using the Internet personal safe service of the present invention (step 1200). After grasping the login status of the user (step 1240), if the user is a new user, new user registration for the information of the new user is performed (step 1241).

Thereafter, after performing a user authentication operation (step 1201) and a user re-authentication operation (step 1202) for the user who logged in on the main control server 200 and the service server 250, a file between the user and the Internet personal safe service. A communication encryption operation for transmission is performed (step 1203). Also,
For the data transmission between the user and the Internet personal safe service, necessary environment settings are performed (step 1210). The environment setting step (step 1210) includes a storage rule setting step (step 1211) for setting a method for storing user files, and a schedule setting step (step 1212) for setting a user file storage schedule. A user information change step (step 1213) for setting the change of the user information for the registered user,
A virus check option setting step (step 1214) for checking and treating a virus in the user file is performed.

Thereafter, according to a user's request, a data storage step (step 1204), a data restoration step (step 1205), a storage / restoration record browsing step (step 1206) and a latest storage information download step (step 1207) may be performed. Become.

If the user's data becomes lost or lost (step 122)
In step 0), the damage compensation processing step (step 1221) is performed.
Thereafter, the connection completion status of the user is checked (step 1230), and if the user is able to complete the connection of the service, the service is terminated. You will be able to repeat the steps described.

The detailed operation of the Internet personal safe service according to the present invention described above will be described in detail with reference to the accompanying drawings.

First, in the user registration step for a new user (step 1241) by grasping the login status of the user, as shown in FIG. 13, the user ID and password to be used by the user, and the resident registration number of the user. If the user's resident registration number is entered (step 1301), the user's resident registration number is checked for error (step 1302). If the entered user's resident registration number causes an error, the above step is performed. 1301 is performed again to input the user information. If there is no error in the resident registration number checked in the step 1302, the input user information is transmitted to the main control server 200 (step 130).
3). If the user fails to connect to the main control server, a message about the connection failure is output on the user computer screen (step 1304). After that, after checking whether the user ID is used repeatedly in the user information transmitted to the server in step 1303 (step 1305), if the user ID is used again, the step 1301 is performed again. Become. If the user ID is not duplicated, it is confirmed whether the user is to join a certain group of users (step 1306), and the user information corresponding thereto is recorded in the group table (step 1307). This information is registered in the main control server 250 (step 1308). Thereafter, after allocating the storage space used by the user (step 1309), a completion message is transmitted to the user (step 1310), and the user registration is completed.

The step 1307 of recording the user information in the group table is processed as follows in the Internet personal safe service according to the present invention.

That is, when backup information is given from the service server 250 to the user side, shared information of the same group user to which the user belongs is also given together. The information is specified in the user database managed by the main control server 200. Also,
In the network array 240, a group to which a user belongs is changed and the group is not specified. Meanwhile, when the user requests a file list, the service server 250 connects to the user database to obtain the same group user list and maintains a path for collecting necessary information. The service server 250 should be configured.

Meanwhile, when a user who has completed user registration attempts to use the Internet personal safe service according to the present invention, a user authentication step (step 1201) and a user re-authentication step (step 1202) for the logged-in user are performed. To do.

[0078]   This will be described in detail with reference to FIG.

First, a user who intends to use the Internet personal safe service according to the present invention inputs his or her user ID and password (step 1401) and confirms whether the computer used by the user is the first computer registered as a user. After confirmation (step 1402), if it is not the first registered computer, the user inputs the secret key or authentication key for it (step 1403). Thereafter, the information for the logged-in user is transmitted to the main control server 200 (step 140).
4) After confirming the input user ID and password (step 1405), if the confirmed user ID and password do not match the registered user information, the process starts again from step 1401. User ID entered
And if the password matches the registered user information. After checking the virus vaccine version used by the user (step 1406), if the virus vaccine version of the user does not match the current version, request the download of the latest virus vaccine program. Then (step 1407), the necessary latest version of the virus vaccine program is downloaded (step 1408). Thereafter, if the service server 250 is assigned to the logged-in user (step 1409), the user login is completed.

At the user login stage described above, the authentication processing information of the user connected by the main control server 200 is used as confirmation information at the time of re-authentication by the service server 250 performing the actual service processing. Also, the encrypted session key information defined at the time of authentication is also revealed through the same information in order for the service server 250 to be transmitted from the main control server 200. In addition, the main control server 200 should share information with the service server 250 in order to manage the login status of the user, and use the system shared memory to record such shared information. At the time of user authentication and re-authentication, the contents of information shared by the main control server 200 and the service server 250 are as follows.

That is, the connection time of the user connection, the user ID, the group name to which the user belongs, the latest connection time of the user connection, and the information about the encryption key or the authentication key for the user information are described above. It is shared by the main control server 200 and the service server 250.

On the other hand, if there is no abnormality in the re-authentication in the service server 250, the IP address of the user is acquired and stored in the main storage device for IP address filtering and recording. The connection will be terminated after sending a notification packet to the user. In addition, if the user is excluded from the limitation of the access authority by IP address filtering in the service server 250, the service server 250 waits at the request of the user or sends a notification packet for the limitation of the access authority and then connects. To finish.

Next, for the logged-in user, the steps 1201 and 1202 are performed.
15. After performing the user authentication work and the user re-authentication work in the above, the communication encryption work for file transmission between the user and the Internet personal safe service is performed by the user and the main control server 200 as shown in FIG. Has the first promised DES key for encrypted data transmission (step 15
01), when the user connects to the main control server 200, the main control server 2
00 is a private key and a shared key (for private communication) for encrypted communication.
A public key) is generated (step 1502). Thereafter, the main control server 200 uses the shared key generated in the step 1502 as a user-defined D
A user who receives the shared key transmitted in step 1503 after encrypting it with the ES key and transmitting it (step 1503) has a session key (session key).
y) is generated (step 1504). If the session key is generated in step 1504, the user encrypts the session key using the shared key and then transmits the encrypted key to the main control server 200 (step 1505). After that, the main control server 200 has a session key analyzed using the dedicated key generated in the step 1502, and if there is encrypted data after that, it can be solved using this (step 15
06) The encryption work for communication will be completed.

Meanwhile, the session key generated in step 1504 is the same as the main control server 2
00 for the first time, and for the actual service relay, the service server 2
50 should be communicated so that it can be utilized.

[0085]   The encryption process for communication will be described in more detail below.

That is, at the time of the user's first connection request described above, the main control server 20
At 0, a shared key encrypted with a DES key value that is commonly used to receive a session key used for encryption of communication different from that for allowing a user to encrypt data is transmitted. The user decrypts the transmitted encrypted shared key with the DES key mutually determined with the main control server 200, re-encrypts the generated session key using the shared key, and then performs the main control. It is transmitted to the server 200. The main control server 200 analyzes and generates a communication packet with the user using the session key received from the user. Since the user himself / herself performs the encryption of the data files required for data backup and restoration, the main control server 200 need not be involved in this.

When the user connection is established through the above process, the Internet personal safe service according to the present invention will perform the service requested by the user. Hereinafter, operation states of respective services will be described with reference to the accompanying drawings.

First, as shown in FIG. 16, in the data storage step (step 1204), the user whose re-authentication procedure is confirmed by the service server 250 is the user.
Performed by requesting the bis server to back up its own data file
.

In the data storage step (step 1204), when the user first selects a file to be backed up and requests the backup, the service server 250 receives and analyzes the corresponding information in a communication packet. (Step 1601). After that, the service server checks the size of the file to be backed up based on the material analyzed in step 1601 (step 16).
02) If the backup is ready, the user is requested to transmit the file list to be stored in the service server 250 (step 1603). When the backup is completed, the user may use the communication server such as ZMODEM or FTP to copy the specified file to the service server 250.
Then, the service server 250 transmits to the user whether or not the file reception is completed (step 1604). At this time, the service server compares the file specified by the user with the file list of the service server 250 (step 1605), and if there is no changed or added file, the service file is unconditionally stored in the network array 240. Store (step 1606)
If there is a changed file or an additional file, it is determined whether or not the file in the neckwork array 240 can be overwritten and stored (step 160).
7). Thereafter, the file list of the user stored in the network array 240 is extracted (step 1608) to determine whether the size of the file requested by the user exceeds the pre-allocated user allowable space. (Step 1609). If exceeded, an error message is transmitted to the user (step 1610) to restart from step 1601. If,
If not exceeded, it is confirmed whether or not the user file requested for backup is infected by a virus (step 1611), and if infected by a virus, the virus is treated (step 1612).

After the above-mentioned series of operations are completed, the user file is compressed (step 1613).
), Encrypt the user's file with the private key described above (step 1614) (step 1615). Then, after transmitting the encrypted file to the service server 250 for storing (step 1616), the network array 2
By storing the file in the file system in 40 (step 1617), recording the user information table and the file information table (step 1618), and transmitting a storage confirmation to the user (step 1619), the user file storage operation. Will be completed.

Meanwhile, in the data restoration step (step 1205), as shown in FIG. 17, after the user selects a file to be restored from the file list stored in the service server 250 (step 1701). ), The service server 25
0 checks the size of the file (step 1702), and if it is ready to restore, the user transmits the list of materials to be restored to the service server 250 (step 1703) and transmits the list of materials to be restored. The service server 250 receives the file stored in the user (step 1704). The user who receives the file receives the private key (step 1705) that describes the received file.
) And decrypt the file (step 1706). Thereafter, after confirming whether the same file name as the file transmitted from the service server 250 exists in the user computer (step 1707), if the same file name exists, the file overwrite storage rule is set. After confirmation (step 1708),
When not overwriting, another folder is designated and the file is received (step 1709). Thereafter, the file is decompressed (step 1710), and the decompressed file is stored in the user's own computer (step 171).
1) The data restoration operation is completed by transmitting a restoration confirmation message to the service server 250 (step 1712).

On the other hand, if the user requests to save or restore the file in another place, that is, if the user wants to save the file in the company office and restore it at home or another place, the service is provided for security reasons. The function is restricted depending on the species and form of the.
That is, if the system management device 260 is set to use the IP address filtering and then the range of the IP address is set, and if such an IP address is set, it is rejected when the user requests the file restoration. It can be so.

In the storage / restoration record browsing step (step 1206), after the user selects and transmits the date to be browsed to the service server 240, as shown in FIG. 18, (step 1801). , By opening a log file stored in the user's own computer (step 1802). After that, the log file that meets the conditions such as date, archive record, or restore record is read (step 1803), the above information is displayed on the screen (step 1804), and the log file is closed (step 1805) and the process ends. To do.

Similarly, in the latest storage information downloading step (step 1207), as shown in FIG. 19, the user requests the service server 250 to transmit the storage file list and is stored (step 1901). Transmit the file inventory (step 19
02), display information on the user's computer screen (step 1903). After that, the user's own computer inspects whether there is a stored catalog file (step 1
904), if there is none, end. If the archive file is stored in the user's own computer, the file is opened (step 1905), the archive is stored in the file (step 1906), and the file is closed (step 1907).
)finish.

Meanwhile, a detailed operation of environment setting for data transmission between the user and the service server 250 will be described with reference to FIGS. 20 to 23.

First, in the storage rule setting step (step 1211) for setting the method of storing the user file, as shown in FIG. 20, the extension of the extension *. It is checked whether or not there is a user file of idx (step 2001), and if there is no such file, an error message is output and the process ends.

If there is a user file, open the file (step 2002
), Decrypt the file (step 2003) and limit the maximum storage capacity of the file,
The storage rules such as the automatic connection time are read (step 2004) and output on the screen of the user computer (step 2005). Thereafter, the storage rule is modified if necessary (step 2006), the modified user file is encrypted and stored using the encryption key described above (step 2007) (step 2008), After closing the user file (step 2009), the process ends.

In addition, the schedule setting step (step 1212) is performed in the same manner as the storage rule setting step (step 1211) as shown in FIG. 21, and only the information about the storage schedule is modified. Done.

In the user information changing step (step 1213), the storage rule setting step (step 1211) and the schedule setting step (step 1213) are performed as shown in FIG.
Same as step 1212), except that the user information is simply modified and the main control server 200 is requested to modify the user information (step 2207), and then the user information is transmitted to the main control server 200 (step 2207). In step 2208, the user information change confirmation message is transmitted from the main control server 200 (step 2209).

Also, the virus check option setting step (step 1214) is performed in the same manner as the storage rule setting step (step 1211) and the schedule setting step (step 1212), as shown in FIG. This is done simply by modifying the information for the virus scanning options.

On the other hand, in the damage compensation processing step (step 1221), when the user receives a request for confirmation of loss or loss of the user file, as shown in FIG. User log information is transmitted to the user (step 2401), and storage log information of lost or lost data is transmitted to the user (step 2402). The service server 250 compares the date of storing the user file with the date of the stored file (step 2403).
If the two dates are the same, that is, if the user saves the file on the same day, notify the user that an error has occurred in the original data (step 24).
04) and then the service ends.

If the two dates are different, that is, if the user did not save the file on the same day, the data is found to be lost or lost.
Thereafter, the service server 250 checks whether the user who requested the data loss or loss is a paying user (step 2405), and if it is not a paying user, informs the user that the user is excluded from compensation. After doing (stage 2
406) Finish.

If the user is a paying user, the value of the lost or lost data is measured (step 2407) and the insurance company is requested to compensate (step 2408).
), And compensates the user who requested the data loss or loss (step 2409).
) Terminate the service.

Next, the database structure used in the Internet personal safe service according to the present invention described above will be described with reference to FIGS. 25 to 33.

First, as shown in FIG. 25, the databases in the Internet personal safe service according to the present invention are the input database 2501 of the main control server process 420 and the output database 250 of the main control server process 420.
2, an input database 2503 of the service server process 430, an output database 2504 of the service server process 430, an input database 2505 of the system management process 440, an output database 2506 of the system management process 440, and user information. Related user information database 2507 and login information database 2 related to login information
And 508.

As shown in FIG. 26, the input database 2501 of the main control server process 420 includes a user connection request item related to a first connection request with registration or authentication, and a shared key provided at the time of connection request. The encrypted session key item which is the information generated by using, the user registration request item to record in the user database, the user authentication request item to search the user database and authenticate the registered user, and the user The user version comparison request item that compares the version of the data that the server has and the version of the data that the server has, and the user version update request item that requests the user version update if the user version is lower than the version that the server has. Composed.

In addition, as shown in FIG. 27, the output database 2502 of the main control server process 420 is that the server encrypts the shared key for key transmission with the promised DES key as shown in FIG. An encryption key transmission item for transmission to the user, an authentication confirmation information item composed of information such as login time, user ID, group name, and latest login time, and a file for updating the user program. User program file items to be configured.

The input database 2503 of the service server process 430 is
As shown in FIG. 28, a user authentication confirmation request item for inspecting whether or not the user is authenticated by the main control server 200, and a file inventory information request item for transmitting a backed up file inventory. , A backup request item for notifying the information of the file to be backed up and the start, a backup file item actually backed up using a transmission protocol such as FTP or ZMODEM, a restore request item having information of the file to be restored, and deleting It is composed of a file deletion request item having file information and a media storage information item displaying information of a file stored in a CD-ROM or a floppy diskette.

The output database 2504 of the service server process 430 is
As shown in FIG. 29, the server backup information that the user refers to when restoring or backing up a file, that is, a file list information item that displays a list of files that have already been backed up, and a file that is actually transmitted when the file is restored. It consists of items and.

In addition, the input database 2505 of the system management process 440 is as shown in FIG.
As shown in 0, the user who displayed the IP address filtering permission / prohibition item and the IP address approaching allowance section item for limiting the authority at the time of file backup or file restoration, and the user information when manually registering or canceling. System setting section consisting of registration and cancellation information, and a system monitoring section consisting of usage status monitoring condition items to be displayed for each user or for each service server 250 A system log management unit composed of a log deletion information item displaying information and the like, an arrangement information item for arranging the information in order of date, species, and alphabet, and storing in media such as user ID, password, directory and file name. Data information item for displaying data information and CD-RO Or floppy diskette, etc.
It is composed of a media storage composed of data size items classified into
.

Further, the output database 2506 of the system management process 440 is as shown in FIG.
As shown in FIG. 1, the system monitoring part is composed of service usage status items that display the total user status and the user status of each service server 250, and the log information items that display the log file information. It is composed of a system log management unit and a media expert unit composed of files stored according to the input conditions stored in the medium.

Further, the user information database 2507 related to the user information is shown in FIG.
As shown in FIG. 1, the registration date at the time of initial registration, the IP address at the time of registration, the user computer name specified on the OS, the user ID, and the connection password,
User's company name, user's department name, user's contact phone number, user's e-mail address, user's address, zip code, and last login time updated each time a new connection is made. It is composed of a group to which the user belongs, an explanation column, position information on the network array 240, and an evaluation version user column for confirming whether or not the evaluation version user is available. Here, the location information on the network array 240 is set in a blank field at the time of registration, and if a connection for the first use is made, a location with sufficient free space is searched for, a directory is created, and the location is specified in the database file. After that, from the next connection, the location specified in the database file is searched for and immediately approached. If there is no target directory to approach, a new file is created and updated to the database file.

The login information database 2508 related to the login information is shown in FIG.
As shown in Figure 4, the connection time for recertification confirmation information, the user ID for recertification confirmation information, the group name for recertification confirmation information, and the user database for recertification confirmation information Previous recorded login time, encryption key, re-authentication flag, current IP address of the connected user, existing personal capacity information stored, backup capacity of updated or added data, Restored capacity of downloaded data, deleted capacity of data removed from the service server 250, requested capacity of media expert to be stored in CD-ROM or floppy, final remaining storage capacity at the end, and the service server 25
It is composed of the connection end time recorded by 0, the usage time of using the service, and the information of the network array 240 used, which is the position information of the ID directory.

On the other hand, the login database 2508 related to the login information is not a database file and is a sequential access method (Sequential Access Me).
(th od: SAM) file.

On the other hand, as shown in FIG. 34, the information of the backup file storing the user file includes the file information of the backup file by placing the index and the data directory under the backup root directory on the network array 240. Record or manage. The index file is located under the index directory on the network array 240 and has the same file name as each directory for storing data. The name of the index file and the name of the directory that stores the data file are the same as the registration ID of the user. In addition, the index file is the entire path information of the original file, the original file name, and the segment version number of the same original file name. Using this, a data file that enables you to confirm that the backup files are different Version number, a backup file name, and a file of a sequential processing method that is configured by information indicating whether sharing is performed between users in the same group.

Meanwhile, the group information is obtained by inquiring the user database in the main control server 200 to obtain the same group user name, and using the obtained user name, the shared file of other users in the same group. The information is read, and this and the index file of the user themselves are combined to generate group file information, and when the user requests a file list, the group file information generated above is provided.

Further, since the file actually backed up is a compressed file, it has a file path internally, and therefore, when it is stored in the network array 240, only the file is stored, and there is no file path. Also, the name of the backup data file is given directly by the service server 250 to avoid duplication, which is'I 'because it uses an absolutely unique name in the same directory.
It is used as D name + original file name + YYYYMMDDHHMMSS '. Where Y
YYY indicates the year of the date when the file is backed up, first MM indicates the month, DD indicates the day, HH indicates the hour, the second MM indicates the minute, and SS indicates the second. For example, the file name originally is'NOTEPAD. It is EXE and the user ID is'Bruce0
In case of ', the backup file name is'Bruce0_Notepadexe_
It will be 200001082320 '. Also, when the backup file name is generated, if the original file name exceeds 20 characters, up to 20 characters are used.

On the other hand, as shown in FIG. 35, the Internet safe service according to the present invention is a PDA.
(Personal Digital Assistant) Provide a method for allowing user's data to be stored. In other words, if users 3410 and 3420 using PDA lose their PDA or data to PDA is lost by storing the data stored in their PDA in the Internet safe service 3440 according to the present invention, users can safely use it. That is, it is possible to manage the data of.

Data managed between the PDA described above and the Internet personal safe service according to the present invention is the same as that shown in FIG. That is, PIMS (Pe) such as user's phone book, address book, schedule, memo pad and cash register.
rsonal Information Management System
) It can store data, sent and received user's E-mail contents, and user's general documents such as document files and text files.

The Internet personal safe service according to the present invention also provides a method for allowing users to share data stored in the safe with each other through the sharing function described above. That is, it is to provide a function of sharing information stored in a safe among shared users in full or arbitrarily by selecting whether or not sharing is possible. By doing so, not only the necessary information can be exchanged but also the data storage location can be shared, so that a more efficient Internet personal safeguard service can be received.

The Internet personal safe service according to the present invention also provides a function of transmitting the user information stored in the safe to the other party designated by the user by E-mail. Such a function can transmit a file to many people at the same time. Information about the file transmitted by the other party by writing matters related to the file attached in the email transmitted during E-mail transmission. It is a function to understand.

At the same time, the Internet personal safe service according to the present invention stores a user's voice as a voice file in the safe and transmits the stored user's voice file to another user without a separate application program. It also provides a function to automatically play back by the method provided by the Internet personal safe service.
That is, the user can record his / her own voice and store it in the safe, and the voice file thus stored can be transmitted to the other party through E-mail or the like.

On the other hand, the billing process 460 described above, as shown in FIG.
Offer Internet billing service by depositing without passbook or credit card. In other words, as shown in FIG. 37, for billing by depositing without a passbook, when an internet user uses the first web server 3710 or the second web server 3720 to apply for a pay subscription to the internet personal safe service,
The deposit method confirmation unit 3770 confirms the deposit of the passbook, is connected to the billing process 460 of the billing server 3730 of the Internet personal safe service, and is converted to a pay waiter through the deposit confirmation procedure 3740. After the payment confirmation work is performed, the pay subscribers are converted to 3750.

In addition, as shown in FIG. 37, for billing with a credit card, a deposit method confirmation unit 3770 may be performed by applying for a pay subscription to the Internet personal safe service using the first web server 3710 or the second web server 3720. After confirming the deposit by the credit card, it is connected to the billing process 460 of the billing server 3730 of the Internet personal safeguard service through the server 3760 of the card check agency that is affiliated with the billing process to convert the bill to the paying user 3750.

[0125]

【The invention's effect】

Since the Internet personal safe service according to the present invention described above uses an encrypted key, an authenticated user may request data backup and recovery of encrypted data wherever the Internet is connected. In addition, it is possible to configure a group for sharing personal data, and not only to share data among users of the same group, but also to specify files to be backed up and time. it can.

In addition, by providing a service for compensating for loss or loss of user data, the user can safely store his / her own data, and generate and apply a shared key for security of data transmission / reception. By doing so, it is possible to obtain the effect that the own data can be safely shared within the same group.

In addition, the user can selectively restore the data file by storage date,
Through this, users can keep their data updated at all times, and by providing the virus search and treatment functions of pre-storage data files, the data of users can be safely stored even if a new virus is compromised. Can be obtained.

In addition, in the Internet personal safe service according to the present invention described above, the user's authentication work is performed by the main control server and the service server, so that the user's data can be safely stored even when hacked by a third party. You can get the effect that you can. That is, after performing the user registration and connection on the main control server and the re-authentication work on the main control server, a certain space of the service server is allocated to a legitimate user to prevent hacking of a third party. it can.

Also, if the PDA user loses a PDA or purchases a new PDA by enabling the PDA user to use the Internet safe service according to the present invention described above, and if the data of the PDA is damaged, the Internet can be used. By directly connecting to the personal safe service, it is possible to recover important data of existing users stored in the safe.

[Brief description of drawings]

FIG. 1 is a block diagram schematically illustrating an Internet personal safe service according to an existing method.

FIG. 2 is a block diagram illustrating an Internet personal safe service according to the present invention.

FIG. 3 is a flowchart illustrating an overall operation state of the Internet personal safe service according to the present invention.

FIG. 4 is a block diagram illustrating a process structure illustrating an operation state of the Internet personal safe service according to the present invention.

5 is a block diagram illustrating a structure of a user module program for a user in FIG.

FIG. 6 is a block diagram illustrating a structure of a main control server process, which illustrates an operation state of the main control server in FIG.

7 is a block diagram illustrating a structure of a service server process, which illustrates an operation state of the service server in FIG.

FIG. 8 is a block diagram illustrating the structure of the system management process in FIG.
.

9 is a block diagram illustrating a structure of a CD-ROM manufacturing process in FIG.

[Figure 10]   5 is a block diagram illustrating the structure of the billing process in FIG. 4.

11 is a block diagram illustrating the structure of the user compensation process in FIG.
.

FIG. 12 is a flowchart illustrating an operating state of the Internet personal safe service according to the present invention.

[Fig. 13]   13 is a flowchart illustrating an operation state of user registration in FIG. 12.

FIG. 14   13 is a flowchart illustrating an operation state of user login in FIG. 12.

FIG. 15   13 is a flowchart showing the communication encryption operation state in FIG.

16 is a flowchart illustrating a data storage operation state for storing user data in FIG.

17 is a flowchart illustrating a data restoration operation state for restoring user data in FIG.

FIG. 18 is a flowchart illustrating an operating state of a storage / restoration record browsing for browsing information related to user data stored or restored in FIG. 12;

FIG. 19 is a flowchart illustrating an operation state of downloading the latest storage information for downloading the storage information of the latest changed data to the user PC in FIG.

20 is a flowchart illustrating an operation state of storage rule setting for storing user data during environment setting in FIG.

FIG. 21 is a flowchart illustrating an operating state of schedule setting during environment setting in FIG.

22 is a flowchart illustrating an operation state of changing user information during environment setting in FIG.

FIG. 23 is a flowchart showing an operating state of virus inspection during environment setting in FIG.

FIG. 24 is a flowchart of a user loss compensation process for user data loss and lost data in FIG.

FIG. 25 is a block diagram illustrating a database structure for setting the operation of the Internet personal safe service according to the present invention.

FIG. 26 is a block diagram of a database used in an input specification for processing the main control server process in FIG. 25.

FIG. 27 is a block diagram of a database used in an output specification for processing the main control server process in FIG. 25.

FIG. 28 is a block diagram of a database used in an input specification for processing the service server process in FIG. 25.

FIG. 29 is a block diagram of a database used in an output specification for processing the service server process in FIG. 25.

30 is a block diagram of a database used in an input specification for processing the system management process in FIG. 25.

FIG. 31 is a block diagram of a database used in an output specification for processing the system management process in FIG. 25.

FIG. 32 is a block diagram of a database related to user information in FIG. 25.

FIG. 33 is a block diagram of a login database related to the login information in FIG. 25.

FIG. 34 is a block diagram illustrating information of a user backup file in the Internet personal safe service according to the present invention.

FIG. 35 is a block diagram illustrating that the Internet personal safe service according to the present invention can be used in connection with a PDA user.

FIG. 36 is a block diagram illustrating contents of managing data of a PDA user in the Internet personal safe service according to the present invention.

FIG. 37 is a block diagram illustrating a billing process using a bankbook or credit card in the Internet personal safe service according to the present invention.

[Explanation of symbols]

  200-Main control server   210-Data backup device   220-Web Server   230-Automatic response service processing device   240-Network array device   250-Service Server   260-System management device

─────────────────────────────────────────────────── ─── Continuation of front page (51) Int.Cl. ⁷ Identification code FI theme code (reference) G06F 11/00 G06F 9/06 660N (81) Designated country EP (AT, BE, CH, CY, DE, DK) , ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE, TR), OA (BF, BJ, CF, CG, CI, CM, GA, GN, GW, ML) , MR, NE, SN, TD, TG), AP (GH, GM, KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZW), EA (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, CA, CH, CN, CR, CU, CZ, DE, DK, DM, DZ, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP , KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, PL, PT, R O, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TR, TT, TZ, UA, UG, US, UZ, VN, YU, ZA, ZW (72) Inventor Jeong Seon-young, Seocho-gu, Seoul, Republic of Korea 137-040 Pan Po Dong 48-1 Banpo Building 6th floor G-o-net company Limited F-term (reference) 5B076 FA13 FB05 FD08 FD09 [Continued Summary] Regardless of the automatic response service processing equipment installed at the front, regardless of the same LAN network Used in A network array device that stores backup data as a data storage device, and a parallel configuration of N machines, that is, a service server that stores and backs up and restores data of authenticated users, and the current status of the system. And a system management device for monitoring. The internet personal safe service according to the present invention can safely store, backup and restore user data by implementing a compensation service for data loss and loss.

Claims (24)

[Claims] 1. A main control server that initially connects to perform user authentication and registration and pays dividends to a service server, a data backup device that stores data, and a main control server that can be installed or separately configured. It is possible to support TCP / IP communication via PPP for telephone connection users in the Internet personal safe service that is composed of a web server for launching a homepage that provides services for service publicity and user registration. Then
In addition, the automatic response service processing equipment is installed at the forefront regardless of the server software, the network array device that stores backup data as a data storage device used in the same LAN network, and N machines are configured in parallel. An Internet personal safe service characterized by comprising a service server for storing, backing up and restoring data of an authenticated user, and a system management device for monitoring the current status of the system. 2. The main control server transmits a route to be connected to the user side after checking the current usage status of the service server, and the user continues to connect the route to continue to advance the server. The Internet personal safe service according to claim 1, wherein the load is distributed and managed. 3. The Internet personal safe service according to claim 1, wherein the service server allows a customer to newly install software or send a file list when data is backed up and restored in another place. 4. The transmitted data is a DES key promised first for encrypted data transmission between the user and the server, and a dedicated server generated for encrypted communication when the user connects to the server. The Internet personal safe service according to claim 1, wherein the key and a shared key generated by the server for encrypted communication when the user connects to the server encrypt the data at the time of data transmission. 5. The Internet personal safe service according to claim 4, wherein data is encrypted using a 128-bit SEED encryption algorithm. 6. The backup file name is an ID name, an original file name,
And YYYYMMDD HHMMSS, where'YYYY 'is the year the backup file was created,' MM 'is the month the backup file was created,' DD 'is the day the backup file was created,' HH 'is the hour and'MM' The Internet personal safe service according to claim 1, wherein'is a minute and'SS 'is a second. 7. A main control server for a customer to initially connect, perform user authentication and registration, and pay a dividend to a service server; a data backup device for storing the data; and a main control server, which can be installed in the main control server. A user module that can be separately configured and is provided in the user computer for the user to use the Internet safe service in the Internet personal safe service that is composed of a web server for launching a homepage that provides services for service publicity and user registration. The program, the main control server process that accepts the user's connection in the earliest role and performs the role of authentication, registration and distribution, and the actual data backup and restore functions for the authenticated or registered user. Service server process to be performed on the net or intranet, system management process that performs the function for changing and monitoring any changes on the PD-IBS server side, and operates in conjunction with the billing process, and user data A CD-ROM manufacturing process provided by manufacturing a CD-ROM, and the log information and user database information recorded in each of the server processes are integrated to perform a general arrangement for usage fees and usage amounts, An Internet personal safe service comprising a billing process that operates in conjunction with the system management process and a user compensation process that compensates the user for lost or lost data. 8. The main control server process performs a process for user authentication and registration, manages a version of user software used by the user, and manages a user who is using an evaluation version of the software. 8. The Internet personal safe service according to claim 7, comprising a user management process for managing, and a database management process for managing a database for user information and a database for stored file information. 9. The method of claim 8, wherein managing the user software version in the user management processor is performed by providing a download function to a user with a new version when requesting an upgrade use of a user module process. Internet personal safe service. 10. The service server process comprises a file transmission / reception control process for controlling transmission / reception of a file, and a file storage management process for operating a file transmitted from a user using a unique file system. The Internet personal safe service according to claim 7, characterized in that. 11. The file transmission / reception control process includes a user re-authentication process for performing a re-confirmation procedure by using the confirmation information provided at the time of authentication by the main control server process, and a function and access authority to be restricted. IP filtering process to extract the IP address of the user who is connected to the file, file list transmission process to transmit the file list when the user backup information is requested, and file to store the file received together with the user's backup request A storage process, a file comparison process that performs processing for the same file and a process for different files when storing files by the file storage process, and a file deletion process that deletes a file requested by a user in the network array 11. The Internet personal safe service according to claim 10, which is configured by: 12. The file system of the file storage management process, as information for connecting file list information for a user and all file information in the network array, an index unit for expressing a linking link with data and display information, The file transmitted from a user, which is stored in the network array under a new name by the service server process, and information for the file is recorded in the index section.
Internet personal safe service described in 0. 13. The system management process includes a system setting process that performs user IP extraction permission / range registration, user registration / cancellation, and data addition / deletion in the IP filtering process, and a status of the currently connected users. System monitoring process that monitors the system log, system log management process that searches and manages the system log according to types such as storage, classification and deletion, and media that sets general PC media etc. to store backup data 8. The system according to claim 7, comprising a setting process, a user status monitoring process for monitoring information of users who are using the service in real time, and a database management process for managing a database in the server. Described Internet personal safe service. 14. The billing process calculates a fee breakdown and a billing basis material for use for a user who has used a backup service, and calculates the total use time, the number of connections, and the amount of data moved in a predetermined number of days. change of,
8. The method according to claim 7, wherein the user charges the usage fee by linking the materials with the person to be billed and performing calculation of the fee billing material, and by evaluating the value of the file stored by the user. Internet personal safe service described in. 15. The Internet individual according to claim 7, wherein the main control server process uses a system shared memory for exchanging information with the service server for managing a logon or logoff state of a user. Safe service. 16. A step of performing a login operation for permitting a log of a subscriber to set up a connection with an Internet personal safe service, and considering the status of the subscriber, if the logged-in subscriber is a new subscriber, In the case of performing a new subscriber registration operation, if it is not a new subscriber, performing an operation of permitting the subscriber who has logged in the Internet personal safe service, and the status of the subscriber using the main control server. Confirmation of the subscriber, permission of the subscriber to be confirmed by the service server, communication to transmit the subscriber's file from the subscriber to the Internet personal safe, and the subscriber requested by the subscriber. Data storage for backing up files of the subscriber, restoration of subscriber files requested by the subscriber, Provide a list of files stored or restored by the subscriber, download the most recent information of the subscriber's stored data files requested by the subscriber, if the subscriber's data file is lost or damaged An Internet personal safe service characterized by the steps of setting the environment such as compensation procedures. 17. The environment setting step includes a step of setting a storage method definition for defining a method of storing a subscriber's file, and a schedule definition step for defining a storage schedule for the subscriber file. The method further includes a subscriber information changing step for defining a method of changing registered subscriber information, and a virus inspection defining step for inspecting and treating a virus contained in the subscriber file. The Internet personal safe service according to claim 16. 18. The authentication processing information of a user connected by the main control server process is used as confirmation information at the time of re-authentication in the service server process that actually performs a service process. Internet personal safe service. 19. An input database of the main control server process, an output database of the main control server process, an input database of the service server process, an output database of the service server process, and an input database of the system management process. An Internet personal safe service, comprising: an output database of the system management process; a user information database related to user information; and a login information database related to login information. 20. The Internet personal safe service according to claim 19, wherein the login information database is composed of a sequential access method (Sequential Access Method) file that is not a database file. 21. A PDA (Personal Digital Assist)
ant) provides a method for storing the user's data, and the form of the stored data is PIMS (Personal Information) such as the user's telephone directory, address book, schedule, memo pad and cash register.
Management System) Internet personal safe service characterized by data, user's E-mail contents transmitted / received, and user's general documents such as document files and text files. 22. Internet personal safe service characterized in that a user shares data stored in a safe through the sharing function among the users registered in the sharing function to share the stored information. Safe service. 23. The user's voice is recorded and stored in a safe so that the stored voice file and other files of the user can be transmitted to the other party through E-mail, and the transmitted voice file is separately. Internet personal safe service characterized by being able to automatically play back content provided from the safe without the application program of. 24. The Internet billing service, wherein the billing process includes an internet billing service when an internet user applies for a pay subscription by providing an internet billing service by depositing a bankbook or credit card. service.