JP2005301464A - Backup method and system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve problems in backup such as difficulties of differential backup in data updating when backup is carried out while data are encrypted for securing data secrecy, problems of a communication time and a communication fee, and problems with consistency of differential data when a plurality of backup servers are used in compliance with a network configuration. <P>SOLUTION: In backup of encrypted data, a signature for differential computing is backed up together. In backup for second times and afterward, a differential is calculated by using the signature, and an encrypted differential is backed up with a new signature. In this way, efficient encrypted data backup is carried out. Version information is managed with differential data, and when comparison of the version is carried out between the servers, data can be synchronized between the servers. <P>COPYRIGHT: (C)2006,JPO&NCIPI

Description

  The present invention relates to a data backup method, and more particularly to an efficient backup method and system for backing up data in an encrypted state.

  In recent years, with the advent of the ubiquitous society, data is scattered in various things such as notebook computers, mobile phones, and PDAs, and there has been a demand for centralized backup. In order to maintain the confidentiality of information at the time of data backup, a method of encrypting user data as disclosed in Patent Document 1 with a client and backing it up to a server has been proposed. However, in the method of Patent Document 1, since the data to be backed up is encrypted and transmitted every time backup is performed, the amount of communication increases as the amount of data increases, and the communication time and communication charge increase.

  In order to solve this problem, Patent Document 2 proposes a differential backup that backs up only updated data. However, since the method of Patent Document 2 downloads all the data that has been backed up once, it does not contribute much to reducing the amount of communication in cases where downloading of all the data is not necessary. Also, although temporarily, new and old files exist at the same time on the client, a large amount of data storage area for the client is required.

  In order to solve the above-described problem, Patent Document 3 proposes a method of using a feature value for each block of data called a signature. In the first method described in Patent Document 3, the signature of the backed up data is saved on the client when backup is performed, and the saved signature and the current signature are to be backed up at the time of the next backup. And a method of efficiently creating difference information by comparing the data signatures. In the second method described in Patent Document 3, a signature of backed-up data is calculated on the backup server side and transmitted to the client, and the client receives the received signature and data currently being backed up. A method for efficiently creating difference information by comparing signatures is disclosed. However, the first method requires a data storage area for storing the signature in the client, and a method with a smaller amount of data is required for mounting on a device having a limited data storage area such as a mobile phone or a PDA. It has been. Further, when data is copied to another client using a medium such as a floppy (registered trademark) disk, there is a problem that a differential backup cannot be performed because there is no signature when the data is previously backed up to the other client. Further, since the signature calculation is performed on the server side, the second method cannot be used in the encrypted backup as described in Patent Document 1.

  As an example of the signature used in Patent Document 3, the rsync algorithm disclosed in Non-Patent Document 1 is widely known.

  In the method of Patent Document 3, backups from all clients are collected on one backup server. However, in a situation where various environments such as mobile phones, in-house computers, and PDAs are mixed, not all clients can be connected to a specific server, and backup to a backup server in a network environment according to the situation is performed. There is a need to synchronize data between backup servers.

JP 2002-351722 A JP 2001-34580 A USP 5,765,173 Andrew Tridgell 1999 "Efficient Algorithms for Sorting and Synchronization" PhD thesis, The Australian National University

  An object of the present invention is to provide a method for efficiently performing differential backup while keeping the confidentiality of data without squeezing the data storage area of the client. Another object of the present invention is to provide a method for synchronizing a plurality of backup servers while maintaining the confidentiality of data.

  In order to achieve the above object, the client terminal according to the present invention calculates the signature for the difference calculation together with the encrypted data to be backed up (encrypted data) when performing the initial backup. Send it to the server along with the encrypted data. From the second time on, the signature received last time from the server is sent to the client, the client calculates the difference using the signature, calculates the signature of the data to be backed up, and calculates the difference as encrypted Send the signature to the current server.

  In order to achieve the above-mentioned another purpose, the backup server stores, together with the encrypted differential data and the signature, for example, data that specifies the version of the data such as date and time in a record together, and the first backup server Is sent to the second backup server, and the second backup server requests the received version data that the user does not have, and the version data Among these, the data which the said 1st backup server does not have is transmitted, and the synchronization between servers is implement | achieved.

  According to the present invention, it is possible to efficiently implement differential backup while maintaining the confidentiality of data without squeezing the data storage area of the client.

  In addition, by realizing synchronization between multiple backup servers, it is guaranteed that backups can be taken normally even when backup is performed from different environments such as personal computers and mobile phones.

  Hereinafter, the best mode for carrying out the present invention will be described in detail. FIG. 1 shows a system configuration in this embodiment. The backup server 110 has a data storage device 111, is connected to the client 130 via the network 160, and is connected to the backup server 120 via the network 150. Like the backup server 110, the backup server 120 also has a data storage device 121, and is connected to the client 140 via the network 170 and the backup server 110 via the network 150.

  The client 130 has an arithmetic device 132 and a data storage device 131, and the client 140 has an arithmetic device 142 and a data storage device 141. For example, the client 130 is a personal computer, the network 160 is an in-house LAN, the backup server 110 is an in-house server, the network 150 is the Internet, the backup server 120 is a server in a mobile carrier, the network 170 is a mobile phone network, and the client 140 is a mobile phone. In this example, the networks 150, 160, and 170 are separate networks, but it is not always necessary. For example, all servers and clients are connected via the Internet, or only the network between servers is a high-speed storage network. It is also possible to do.

  FIG. 2 is a backup processing flow. In step 210, the client 130 transmits a backup start request message including the name of the file to be backed up, the last update date and time, the file size, and the like. The server 110 that has received the backup start request message in step 220 checks whether or not the file exists in the data stored in the data storage device 111 in step 230. If not, the initial registration process in step 240 is performed. (Described later in FIG. 3). If it has already existed in step 230, it is determined in step 250 whether the data stored in the data storage device 111 is older than the last update date / time transmitted. Difference update processing (described later in FIG. 4) is executed. If the data in the data storage device 111 is the same as or newer than the data in the data storage device 131 of the client 130 in step 230, an update unnecessary process (described later in FIG. 5) is executed in step 270 and the process ends.

  In the above description, the client 130 and the server 110 have been described as an example, but the same applies to a combination of the client 140 and the server 120. Further, in the above description, the file size is included in the backup start request message, but this is not always necessary for performing the backup.

  FIG. 3 is a process flow illustrating the initial registration process in step 240 in detail. The server 110 that determines that initial registration is necessary in step 230 transmits an initial registration request to the client 130 in step 310. The client 130 receiving the initial registration request in step 320 calculates the signature of the file to be backed up in step 330, encrypts the file to be backed up in step 340, and stores the encrypted data and signature in step 350. 110. Here, the order of step 330 and step 340 may be reversed. The server 110 that has received the message in step 360 stores the received file name, last update date, encrypted data, and signature in the data storage device 111 in step 370.

  FIG. 4 is a process flow illustrating the difference update process in step 260 in detail. The server 110 that has determined that the update is necessary at step 250 transmits an update request message including the signature stored in the data storage device 111 to the client 130 at step 410. The client 130 that has received the update request message in step 420 calculates a difference based on the received signature in step 430, encrypts the calculated difference in step 440, and calculates the signature of the file to be backed up in step 450. In step 460, the encrypted difference and the calculated signature are transmitted. The difference calculated here means a portion where addition, change, or deletion is present in the file data. In addition, the signature calculated in step 450 is a recalculation of the updated file in units of blocks, and is a different signature from the previous signature. Here, the order of the differential encryption processing in steps 430 to 440 and the signature calculation in step 450 may be reversed. The server 110 that has received the message in step 470 stores the received last update date, encrypted differential data, and signature in the data storage device 111 in step 480.

  FIG. 5 is a process flow illustrating in detail the update unnecessary process in step 270. The server 110 that has determined that the update is unnecessary in step 250 transmits an update unnecessary notification in step 510, and the client 130 that has received the update unnecessary notification in step 520 ends the backup of the corresponding file.

  FIG. 6 is a diagram showing a data structure related to a specific file among backup data stored in the data storage device 111. The backup data table shown in FIG. 6 includes a last update date and time 610, an update date and time 620 before backup, a file size 630, a data portion 640, a signature 650, and the like. At the time of initial registration, the pre-update date and time 620 does not exist, and encrypted initial data obtained by encrypting the entire file is stored in the data portion. In other cases, the update date / time of the file that is the source of the difference is described in the pre-update date / time 620, and the encrypted differential data calculated in steps 430 and 440 are stored in the data portion.

  FIG. 7 is a processing flow of the client 130 after transmitting the backup start request in step 210. The message received from the backup server 110 is determined in step 710, and if it is an initial registration request, the signature is calculated in step 330, the entire file is encrypted in step 340, and transmitted to the server in step 350. If the received message is an update request, the difference is calculated in step 430, the difference is encrypted in step 440, the signature is calculated in step 450, and then transmitted to the server in step 460. If the received message is an update unnecessary notification, the client 130 ends without doing anything.

  FIG. 8 is a diagram showing a processing flow for synchronization between a plurality of backup servers. In step 810, the server 110 transmits a list of update dates and times of data existing in the data storage device 111 to the server 120 regarding the target file. The server 120 that has received the update date list in step 820 compares the update date list existing in the data storage device 121 with the received update date list in step 830, and in step 840 the data storage device 121. The data list corresponding to the update date and time that does not exist in the data storage device 111 and the update date and time list for requesting data that exists in the data storage device 111 but does not exist in the data storage device 121 are transmitted. The server 110 that has received the message in step 850 stores the received shortage data in the data storage device 111 in step 860 and transmits data corresponding to the requested update date list in step 870. The server 120 that has received the message at step 880 stores the received shortage data in the storage device 121 at step 890.

  FIG. 9 is a diagram showing an excess / deficiency determination method in step 830. The server 120 compares the version list 910 received in step 810 with the version list 920 stored in the data storage device 121, no update is required for 912 and 922 where the same thing exists, and 921 and 923 that exist only in 920. Transmits data to the server 110, and requests data to the server 110 for 911 and 913 that exist only in 910.

  Although FIG. 9 illustrates the case where the backup server keeps the differential data at all points in time, in the case where only the latest data needs to be retained, the database size and the amount of communication data between servers are explained by the method described below. Can be reduced. FIG. 10 is a diagram showing an excess / deficiency determination method in step 830 in a case where only the latest data need be retained. In FIG. 10, since the data held by the server 120 is newer than the data held by the server 110, the data held by the server 110 is searched in order from the latest data held by the server 120. Then, since it can be seen that the difference data 912 corresponding to the difference data 922 exists, the update date and time of the difference data 922 and the subsequent difference data 923 are transmitted. The backup server 110 that has received the update date and time of the difference data 922 and the difference data 923 in step 850 recognizes that data newer than the difference data 912 is unnecessary based on the update date and time of the difference data 922, and the difference data 913. And the received difference data 923 is stored in the data storage device 111. The difference data 923 transmitted to the server 110 is a difference from the difference data 922 (the same content as the difference data 912 of the server 110), and it can be determined that the difference data 913 is unnecessary. In this case, the difference data 911, 912 (922), and 923 exist in the server 110 after synchronization, and the difference data 921, 922 (912), and 923 exist in the server 120 and are held by the two servers. The data does not necessarily match, but there is no problem for the purpose of restoring the latest version 923. Contrary to FIG. 10, when the data held by the server 110 is newer than the data held by the server 120, the server 120 holds the server 120 among the data held by the server 110 in step 840. By notifying the server 110 of the maximum data update date and time (corresponding to 922 in the above example), the server 120 requests data that does not exist in the server 120 and stores the insufficient data received in step 880 in the data storage device 121 in step 890. It is also possible to delete unnecessary data.

  Although the case where there is no branching in the file update has been described in the above example, the same applies to the branching update generally used in the version management system. In this case, a branch name or the like is added to the update start request, and data for identifying the branch is also added to the data stored in the data storage devices 111 and 121.

  In the above example, for simplification, data is backed up for each piece of data, but it is also conceivable to back up a plurality of files at a time to reduce the number of communications.

  Further, it is desirable to store a key management and encryption function for encrypting backup data in a high security device such as an IC card.

  According to the method described in the present invention, it is possible to realize a service for backing up data distributed to a mobile phone, a personal computer, etc. anytime and anywhere while maintaining the confidentiality of the data.

It is a system configuration figure in one example of the present invention. It is the backup processing flow in one Example of this invention. It is a detailed processing flow at the time of backup initial registration in one embodiment of the present invention. It is a detailed processing flow at the time of differential backup in one Example of this invention. It is a detailed processing flow when backup is unnecessary in an embodiment of the present invention. It is a figure showing the data item which a backup server hold | maintains in one Example of this invention. 4 is a processing flow of a client at the time of backup in one embodiment of the present invention. It is a processing flow of the synchronization between servers in one Example of this invention. It is a figure showing the process of the excess and deficiency determination at the time of the synchronization between servers in one Example of this invention. It is a figure showing another system of the process of the excess and deficiency judgment at the time of the synchronization between servers in one Example of this invention.

Explanation of symbols

110, 120 ... backup server 130, 140 ... client 111, 121, 131, 141 ... data storage device 132, 142 ... computing device 150, 160, 170 ... network 610 ... last update date / time 620 ... last backup date / time 630 ... size 640 ... Data 650 ... Signature

Claims (7)

In a method in which a backup server and one or more clients are connected via a network, the client data is transmitted to the backup server in an encrypted state, and the encrypted data is backed up.
The client sends an identifier indicating data to be backed up and information indicating the version of the data to the backup server,
The backup server compares the information indicating the received version with the version of the data currently stored in the backup server,
If the corresponding data is not backed up in the backup server, send an initial registration request to the client,
The client that has received the initial registration request encrypts the data to be backed up, calculates a feature value to be used for calculating the difference between the data to be backed up, and calculates the encrypted data and the feature value to the backup server. The backup server stores the received version information, the encrypted data, and the feature value;
If the corresponding data is backed up in the backup server and is older than the received version information, the feature value used for the difference calculation backed up to the client is transmitted,
The client calculates a difference based on the received feature value, encrypts the difference, calculates a feature value used for difference calculation of the data to be backed up by an arithmetic processing unit, and the encrypted difference data And the feature value to the backup server, the backup server stores the received version information, the encrypted difference data, and the feature value,
When the corresponding data in the backup server is equal to the received version information, an update unnecessary notification is transmitted to the client.
An encryption backup method characterized by the above. In a client device comprising a communication means and a calculation means, and capable of communicating with a backup server through the communication means,
A function to send the identifier and version information of the data to be backed up
A function of receiving a response from the backup server;
When the response is an initial registration request, the backup data is encrypted, a feature value for calculating a difference between the backup data is calculated, and the encrypted data and the feature value are stored in the backup server. With the ability to send to
If the response from the backup server is an update request including a feature value for difference calculation, the difference of the data to be backed up is calculated based on the received feature value, encrypted, and the difference of the data to be backed up A feature value for calculating the function, and the function of transmitting the encrypted difference data and the feature value to the backup server;
When the response from the backup server is an update unnecessary notification, a function to end the backup process;
A client device comprising:   The client apparatus according to claim 2, wherein an update date of data is used as the version information.   The client apparatus according to claim 2, wherein the feature value for the difference is encrypted.   5. The client apparatus according to claim 2, wherein a separable device is used for encryption. In a backup server comprising communication means, calculation means and data storage means, and capable of communicating with a client through the communication means,
The ability to receive data identifiers and version information;
Searching the data storage means based on the received identifier, and transmitting the initial registration request when the data corresponding to the identification does not exist in the data storage means; and receiving the encrypted data and the characteristic value A function for storing the received identifier, version information, encrypted data, and feature value together in the data storage means;
When there is data corresponding to the received identifier, the burn information of the corresponding data is compared with the received version information, and when the received version information is newer, the feature in the searched record A step of transmitting a value; a step of receiving encrypted differential data and a characteristic value; a function of storing the received identifier, version information, encrypted differential data, and characteristic value together in the data storage means;
When there is data corresponding to the received identification, and the version information of the corresponding data is equal to or newer than the version information received, a function of sending an update unnecessary notification;
A backup server characterized by comprising: A first backup server having communication means, data storage means and calculation means;
A second backup server having communication means, data storage means and calculation means,
In a system connected by a network, the data storage means of the first and second backup servers include at least an identifier representing data, version information, encrypted data or encrypted differential data, and differential There are multiple records consisting of feature values for calculation,
Said first backup server transmitting a list of version numbers relating to identifiers of data to be synchronized, present in said first data storage means;
The second backup server receiving the list of version numbers;
The second backup server comparing the received list of version numbers with a list of version numbers present in the second data storage means relating to an identifier of approximate data;
The second backup server transmitting a necessary record based on the comparison result; and the second backup server requesting a necessary record based on the comparison result;
The first backup server updates data with the received record;
The first backup server transmits a record according to the received record request;
The second backup server has a backup server synchronization processing function including a step of updating data based on the received record.

Images