JP2007026402A - Server configuration method and data management method for attaining high security - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To solve the problems that a security improvement method of data managed by a server system is a means for improving security to an unauthorized intruder from the outside of a network system so far, the data can not be protected when there is a person who intrudes inside a firewall or a person who attempts to perform unauthorized utilization inside and furthermore, it is powerless against physical theft for physically stealing a storage device of a server or creating copy of the data by temporarily detaching the storage device. <P>SOLUTION: In the present invention, a means for decoding the data at a normal state in data distribution and securing high security to unauthorized access to the data by encrypting, holding the data managed by a data management server, not by placing a key for decrypting encryption in a data storage device of a computer but arranging the key only in a main memory of the computer is provided. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention constructs a mechanism for applying high security to data managed by a server system in a server system that supplies data to a global network such as the World Wide Web. It can be applied not only to global networks such as the World Wide Web, but also to small network systems such as intranets and corporate LANs.

  Conventionally, a server system that supplies data to a global network such as the World Wide Web, or a small-scale network system such as an intranet or a corporate LAN, has been used as a means for increasing the security of data managed by the server system. In general, there was a method called “Fall” to prevent unauthorized intruders trying to enter the server illegally from entering the computer.

  As a specific means for that purpose, an ID number is issued to a regular user called a user ID, and the authority of what can be viewed and edited by the server system is given by the ID. Corresponding passwords prevented unauthorized intruders from entering. For example, for user IDs with high authority to view and edit all data managed by the server, security is improved by checking multiple passwords instead of one password.

  In addition, each time a command such as “Copy” or “Edit” is executed on the data, the password cannot be executed unless password verification is performed, even if an intruder enters the computer. Even so, we are trying to improve security by using methods that prevent the most damaging processes such as data theft and tampering.

  However, the method for improving the security of data managed by these server systems is only a means to improve security against unauthorized intruders from outside the network system, and there were those who tried to use illegally inside the firewall. In some cases, there is a problem that data cannot be protected.

  In addition, if there is a person who tries to illegally use the server, the server storage device can be physically stolen or temporarily removed to create a copy of the data. There is a problem that the conventional security improvement methods are not useful for such physically implemented fraud.

  In order to solve the above-described problems, the present invention is configured as a first means related to a server configuration method and a data management method for realizing high security for the purpose of data distribution connected to a global network system. And a data management server for managing data such as holding a plurality of data and transmitting the data to a request destination when there is a delivery request for the held data. The control server is designed to control the data management server, and only the data management server is connected to the global network system. The connection between the data management server and the control server is the global network system. By using other protocols instead of the IP connection used A server group characterized in that even if the far-wall system applied to the server group is broken by an unauthorized intruder from the outside and enters the server group, it is connected so that it cannot enter the control server. Adopt construction means.

  In order to increase the confidentiality of data managed by the data management server in the management method in the data management server adopted as the first means as the second means related to the server configuration method and data management method for realizing high security All data managed by the data management server is stored in an encrypted state using an encryption key, and the encryption key is not stored as data in the data management server but resides in the main memory. We adopt data confidentiality holding means characterized by holding by means.

  As a third means related to the server configuration method and the data management method for realizing high security, when there is a distribution request for the data held in the data management server adopted as the second means, the data is transmitted to the request destination. In this management method, when data is transmitted, the data managed in an encrypted state is read and decoded into normal data using an encryption key resident in the main memory of the data management server However, the data distribution means is characterized by transmitting the retained data to the request destination as normal data that is not encrypted by transmitting the data.

  As a fourth means related to a server configuration method and a data management method for realizing high security, it is a method for managing an encryption key in a data management server adopted as a second means. The control server always manages the control server. Save the encryption key that the data management server should have, and when the encryption key resident in the main memory of the data management server disappears for some reason, the data management server obtains the encryption key from the control server Therefore, the data management server adopts the encryption key management means that makes it possible to always make the encryption key resident in the main memory.

  As fifth means related to the server configuration method and data management method for realizing high security, the data managed in the encrypted state in the data management server adopted as the third means is decoded into normal data. A server configuration means for transmission, in which the encrypted data held by the data management server is decoded into normal data and transmitted without being processed by the data management server. By processing, the data management server does not hold the encryption key, so that the far-wall system applied to the server group is broken by an unauthorized intruder from the outside and enters the server group. Even if the data and the main memory held by the are decrypted, the encrypted data and the cipher are decoded. Simultaneously it eliminates the the stolen encryption key, employing the decryption server configuration unit, characterized in that can realize more secure data management.

  As the sixth means related to the server configuration method and data management method for realizing high security, the server group configuration means adopted as the first means and the data confidentiality holding means adopted as the second means are applied, In data distribution, by applying the data distribution means adopted as the third means or the decryption server construction means shown in claim 5, the data is stolen or falsified by illegally entering the server group via the network. It is possible to improve the security of data retention management for unauthorized intruders to perform, and improve the security of data retention management for unauthorized persons who physically steal the data storage device of the data management server. A server configuration method and data management method that realizes high security To.

  In order to realize the server group constituting means which is the first means of the present invention, it is only necessary to arrange a control server for a general server system constituted so far. The control server and data management server can be implemented using other protocols instead of the IP connection that constitutes a normal computer network.

  In order to realize the data confidentiality holding means, which is the second means of the present invention, there is no technical problem because only the encoding logic for encryption at the time of data storage is executed.

  In order to realize the data distribution means which is the third means of the present invention, the encryption key is not arranged on the disk but only on the main memory. This is because there is no technical problem because the program is always run on the server.

  In order to realize the encryption key management means that is the fourth means of the present invention, the always-executed program described by the data distribution means that is the third means of the present invention is stored in the control server, and the data is stored for some reason. When a constantly running program running in the management server is terminated or interrupted, it can be realized simply by calling and executing the always running program stored on the control server, and there are no technical issues.

  In order to realize the decryption server configuration means which is the fifth means of the present invention, among the server system configuration methods described in the first means of the present invention, the encrypted storage stored in the data management server is performed. It is only necessary to execute a process for decoding the processed data into normal data on another server. For example, when a one-to-one decoding computer is pasted to the data management server and the data is distributed, this pasting is performed. It only needs to be distributed via the attached computer, and there is no technical problem.

  As described above, the present invention can be easily realized by combining existing technologies.

  Embodiments of a server configuration method and a data management method for realizing high security according to the present invention will be described below with reference to the drawings.

  FIG. 1 is a diagram showing a configuration of a server system using a server configuration method and a data management method for realizing high security of the present invention.

  In this section, we will describe an example of a server system that distributes data to the Internet. The server system 1 composed of a plurality of devices has a defense wall called “Firefall 2” as a countermeasure against an unauthorized intruder who destroys or steals data managed and entered from the Internet 3 by an unauthorized method. It is constructed. As a result, the security of the server system 1 is maintained by preventing unauthorized users from entering the server system 1.

  As shown in FIG. 1, the firewall prevents unauthorized intruders who try to enter the server illegally at the entrance of the server system 1. As specific means, an ID number is issued to a legitimate user called a user ID, and the authority of what can be viewed and edited by the server system 1 is given by the ID, and the ID is supported. The password used to protect against unauthorized intruders. For example, for user IDs with high authority to view and edit all data managed by the server, security is improved by checking multiple passwords instead of one password.

  In this way, the firewall 2 has been designed to prevent unauthorized intruders from entering the server system 1 through a lot of contrivances, but unfortunately it cannot completely prevent unauthorized intruders.

  The firewall 2 is only for unauthorized intruders from the outside. The inside of the firewall 2 is a safe zone. Furthermore, even if insiders are malicious, Firewall 2 cannot prevent it. As a result, the firewall 2 is meaningless for information leaks from inside that have become a problem in recent years.

  Furthermore, if the malicious one is an internal human, the server storage device can be physically stolen or temporarily removed to create a copy of the data. There is a problem that the conventional security improvement methods are not useful for such physically implemented fraud.

  Thus, the conventional server systems have included many security problems.

  On the other hand, in the server configuration method and data management method for realizing high security according to the present invention, as shown in the second invention, the data management server 4 does not manage the data but encrypts it. Hold in the form.

  As a result, even if an unauthorized user who broke through the firewall 2 or an inside malicious person accessed the unauthorized data, the data is in a format that has no meaning. It cannot be tampered with. Furthermore, it is possible to cope with the physical storage of the server by a malicious person inside the server, or by temporarily removing it and making a copy of the data.

  Furthermore, since the encryption key for decrypting the stored data does not exist in the data storage device 44 of the data management server 4 but exists only in the main memory 41 of the data management server 4, in order to decrypt the encrypted data and the encryption The situation is such that it is unlikely that both encryption keys will be stolen at the same time.

  This is because the normal data management server 4 comprises a main memory 41, a central processing unit 42, a network controller 43, and a data storage device 44 as shown in FIG. Even if an unauthorized user who broke through the firewall 2 and an inside malicious person accessed unauthorized data, the data management server 4 in the data storage device 44 via the network controller 43 The data is only viewed in the data storage device 44. Since the data is encrypted in the data storage device 44, there is no problem even if it is viewed.

  Furthermore, since the encryption key for decrypting the encryption key exists only in the main memory 41, it requires a great effort to steal it. Here, as shown in FIG. 3, the data management server 4 does not perform the decoding process for restoring the encryption of the data managed by the data management server 4, but the data management server 4 has each data management server 4 as described in the fifth invention. On the other hand, if the corresponding decoding machine 6 is arranged, it is possible to realize a situation where the encryption key for decrypting the data held in the data management server 4 is not located anywhere on the computer, and it is possible to ensure higher security. It is.

  Here, for simplification, the data management server 4 and the decoding machine 6 are described in a one-to-one correspondence in FIG. 3, but two data management servers 4 and one decoding machine 6 are described. An arrangement that is not one-to-one correspondence may be used. Furthermore, if a network that can access a plurality of data management servers 4 and a plurality of decoding machines 6 from anywhere to everywhere is arranged, each time data is distributed from the data management server 4, It is also possible to distribute data via a small number of jobs.

  If the encryption key resident in the main memory 41 of the data management server 4 is lost for some reason, as described in the fourth invention, if the encryption key is stored in the control server 5, the encryption key can be stored from here. By pulling the data, the main memory 41 of the data management server 4 can always hold the encryption key.

  When realizing such a configuration, the data communication fee between the control server 5 and the data management server 4 does not become large. Therefore, it is not necessary to connect with IP connection which is a normal network construction protocol. Rather, it works well even with older protocols such as RS232C.

  Therefore, if the connection between the control server 5 and the data management server 4 is realized by other than the IP connection, an unauthorized user who has entered after breaking the firewall 2 or an internal malicious person cannot use electronic operations. Only the data management server 4 can be reached, and the situation where the location of the control server 5 cannot be recognized can be created.

  Further, if there are a plurality of data management servers 4 and if, for example, the data management servers 4 are arranged so that data for managing one of the data management servers 4 in FIG. For example, the data managed by B is copied to A with another encryption key, and after the creation is completed, the data managed by B is deleted and B is emptied. Then, the data managed by C is copied to B with another encryption key, and after the creation is completed, the data managed by C is deleted and C is emptied. In this way, it is possible to update the encryption key sequentially, and it is possible to achieve higher data security.

  As described above, if the server configuration method and data management method for realizing high security of the present invention are used, the server system connected to the network for the purpose of data management / distribution constructed so far can be realized in hardware. Can achieve high data security by adding a control server.

  Since there are no difficult factors in terms of software, the system can be easily realized at low cost.

  Therefore, not only for large-scale server systems intended for data distribution on the Internet, but also for all data management such as server systems connected to networks for data management and distribution in intranets and in-house LAN systems. It may contribute to the realization of the server system.

  It is the figure which showed one constitution of the server which uses the server constitution method and the data management method which realize high security of this invention.   This is a simplified diagram showing the internal hardware configuration of the data management server.   It is the figure which showed one constitution of the server which uses the server constitution method and the data management method which realize high security of this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Server system 2 Firewall 3 Internet 4 Data management server 41 Main memory 42 Central processing unit 43 Network controller 44 Data storage device 5 Control server 6 Decoding machine

Claims (6)

A server group configuration method that is connected to a global network system and configured to distribute data.
A data management server for managing data such as holding a plurality of data and transmitting data to a request destination when there is a distribution request for the held data;
Consists of a control server for the purpose of controlling the data management server,
Only the data management server is connected to the global network system, and the connection between the data management server and the control server is not an IP connection used in the global network system, but another protocol.
Even if the far-wall system applied to the server group is broken by an unauthorized intruder from outside,
Server group configuration means characterized by being connected so as not to enter the control server. A means for increasing the confidentiality of data managed by the data management server in the management method of the data management server according to claim 1,
All data managed by the data management server is stored in an encrypted state using an encryption key.
Data confidentiality holding means characterized in that the encryption key is not stored as data in the data management server but is held by means resident in the main memory. A management method for transmitting data to a request destination when there is a delivery request for retained data in the data management server according to claim 2,
When sending data, read the data managed in an encrypted state,
The stored data is transmitted to the request destination as normal unencrypted data by transmitting the decoded data to normal data using the encryption key resident in the main memory of the data management server. Data distribution means. An encryption key management method in the data management server according to claim 2, comprising:
The control server always stores the encryption key that the data management server managed by the control server should have,
When the encryption key resident in the main memory of the data management server is lost for some reason,
The data management server obtains the encryption key from the control server,
An encryption key management means characterized in that the encryption key can always be resident in the main memory in the data management server. A server configuration means for transmitting data managed in an encrypted state in the data management server according to claim 3 while decoding the data into normal data,
The data management server does not perform the process of sending the encrypted data stored in the data management server while decoding it into normal data.
By processing by the server dedicated to decoding,
By preventing the data management server from holding the encryption key,
Even if the far-wall system applied to the server group is broken by an unauthorized intruder from the outside and enters the server group, the data and main memory held by the data management server are decrypted.
The encrypted data and the encryption key that decodes the encryption are not stolen at the same time,
Cryptographic server construction means characterized in that data management with higher security can be realized. In the server group constituting means shown in claim 1, the data confidentiality holding means shown in claim 2 is applied, and
In data distribution, by applying the data distribution means shown in claim 3 or the decryption server construction means shown in claim 5,
In addition to improving the security of data retention management for unauthorized intruders who illegally enter the server group via the network and attempt to steal or tamper with data,
A server configuration method and a data management method for realizing high security, wherein security of data retention management can be improved even for an unauthorized person who physically steals a data storage device of a data management server.

Images