JP2007072643A - Data storage system - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To improve security to losing, leakage, and falsification or the like of data by disaster, crime or the like. <P>SOLUTION: A wide-area network 1000 is connected with: a data transmission server 1; a data restoration server 2; and a plurality of data storage devices 3 installed in places geographically apart from each other. The data transmission server 1 has: a data division part 12 dividing the data performed with storage requirement into at least two data blocks; and a data transmission part 15 distributing at least the two data blocks to the plurality of data storage devices 3 via the wide-area network 1000 and transmitting them. The data restoration server 2 has: a data reading part 22 reading at least the two data blocks corresponding to the data performed with reading requirement from the plurality of data storage devices 3 via the wide-area network 1000; and a restoration processing part 24 restoring the data on the basis of at least the two read data blocks. <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a data storage system for storing various data, and more particularly to a technique for improving security of stored data.

  Conventionally, various data has been stored in a state of being printed on a print medium such as paper or in a state of being stored in a storage medium such as a tape / CD-R. In recent years, with the progress of the information-oriented society, technology for storing data in an electronic form has been developed. For example, in the medical field, a technique for creating medical image data, electronic medical record data, and the like and archiving them so that they can be referred to has been put into practical use.

  One of the problems that should be emphasized when storing digitized data is to ensure security to prevent data leakage, falsification, and loss. In particular, since recent data storage systems exchange data via a network such as the Internet or a LAN, it is difficult to predict when, where, and who intends to tamper with data through the network. Therefore, it is necessary to take security measures considering access from all angles to stored data.

  In addition, there is a risk that the system itself is destroyed due to the occurrence of a disaster or the like and data is lost. As a countermeasure, for example, a system for storing the same data in a plurality of storage locations has been put into practical use for storing confidential data of financial institutions and the like. According to this system, even when a disaster or the like occurs in one storage location, data in other storage locations is protected.

  In addition, a system that encrypts and stores data and decrypts the data when it is referenced is also widely used. For example, Patent Document 1 below discloses a data security system using an encryption technique. The system described in this document is configured to encrypt the transmission information to be secured between the transmission side and the reception side. On the transmission side, the transmission information is transmitted in a predetermined format, the transmission information is encrypted to obtain message authentication code information, and the message authentication code information is transmitted after transmitting the transmission information. On the receiving side, the received transmission information is encrypted and the message authentication code information is obtained independently, and both message authentication code information is collated to authenticate the transmission information with a match. The transmission information is stored.

Japanese Patent Laid-Open No. 10-79732

  However, in the existing methods as described above, it is difficult to say that the security of stored data is sufficiently ensured in consideration of all dangers.

  First, when using print media or storage media, if the media is destroyed or burnt down due to a disaster or the like, stored data is lost. There is also a risk of media being stolen or destroyed. In order to store such media, it is necessary to secure a storage space, and storing copies in a plurality of places is problematic from the viewpoint of cost effectiveness. Another problem is that it takes time to retrieve necessary data.

  In addition, when data is digitized and stored in a single storage location, the data may be lost if a disaster occurs in the storage location.

  On the other hand, when data is digitized and the same data is stored in a plurality of storage locations, the risk of data loss due to a disaster is reduced, but it becomes more difficult to deal with data leakage due to crimes and the like. That is, since the same data is stored in each storage location, the risk of data leakage increases as the number of storage locations increases in preparation for a disaster or the like.

  In addition, when using security protection measures such as encryption technology and password technology, investment costs and management costs are incurred, and encryption processing (encryption processing, decryption processing, etc.) and password processing are performed each time data is transmitted and received. Since the overhead increases due to (password assignment processing / collation processing, etc.), the apparatus performance may be constantly reduced. In addition, considering the improvement of the processing speed of the microprocessor and the obsolescence of the cipher due to the advancement of the cryptanalysis technique, it is necessary to strengthen the cipher to be used successively, and the cost for that will be increased.

  The present invention is for solving such problems, and provides a data storage system capable of improving security against various dangers such as data loss, leakage, and tampering due to disasters and crimes. For the purpose.

  Another object of the present invention is to provide a data storage system with high security capability while suppressing an increase in cost.

  In order to achieve the above-mentioned object, the invention according to claim 1 is characterized in that a plurality of data storage devices connected to a wide area network and installed geographically apart from each other, and connected to the wide area network, A storage request receiving unit that receives a storage request, a dividing unit that divides the data for which the storage request is received into two or more data blocks, and two or more data blocks obtained by the dividing unit through the wide area network Corresponding to the data for which the read request is accepted, the data transmission device having a transmission means for distributing and transmitting to a plurality of data storage devices, the read request accepting means for receiving the data read request connected to the wide area network Read two or more data blocks from the plurality of data storage devices through the wide area network A reading unit, a data storage system, characterized by and a data recovery device having a restoring means for restoring the data based on the read two or more data blocks were.

  The invention according to claim 2 is the data archiving system according to claim 1, wherein the data transmitting device is configured to store each data block based on two or more data blocks obtained by the dividing unit. Parity data generation means for generating parity data is further provided, wherein the transmission means transmits the generated parity data to a data storage device different from the transmission destination of the corresponding data block, and the data restoration device The data block read by the reading unit further includes a determination unit that determines whether the data block has been properly read from the data storage device of the storage destination; The parity data of the determined data block is read from the data storage device at the storage destination, and the restoration means is configured to read the read data block. A data block determined to have been properly read by the determination means, and a data block determined to be read properly by the determination means; The data is restored based on the data block.

  The invention according to claim 3 is the data archiving system according to claim 2, wherein the data transmitting device reflects each data structure of two or more data blocks obtained by the dividing means. Check information generating means for generating check information is further provided, wherein the transmitting means transmits the two or more data blocks together with the check information, and the reading means of the data restoration device includes the two or more data blocks. And the check information, and the determination means determines whether each of the two or more read data blocks has been read properly based on the check information.

  The invention according to claim 4 is the data archiving system according to claim 2, wherein the transmitting means of the data transmitting device stores the parity data of each data block generated by the parity data generating means. The data is transmitted to one of the plurality of data storage devices, and the two or more data blocks are distributed and transmitted to the plurality of data storage devices except the one.

  According to a fifth aspect of the present invention, one or more first data storage devices connected to a wide area network and installed geographically apart from each other, and the first data storage device geographically One or more second data storage devices installed at remote locations, connected to a local network, and geographically separated from the first storage device; and each of the wide area network and the local network A storage request receiving means for receiving a data storage request, a dividing means for dividing the data for which the storage request has been received into two or more data blocks, through the wide area network and the local network, by the dividing means Transmission means for distributing and transmitting the obtained two or more data blocks to the first and second data storage devices; Read request receiving means for receiving a data read request, and two or more data blocks corresponding to the data for which the read request has been received are read from the first and second data storage devices through the wide area network and the local network. A data storage system comprising: a reading unit; and a data processing device having a restoring unit that restores the data based on the two or more read data blocks.

  The invention according to claim 6 is the data storage system according to claim 5, wherein the data processing device is configured to store each data block based on two or more data blocks obtained by the dividing unit. Parity data generation means for generating parity data, and determination means for determining whether each data block read by the reading means has been properly read from the first or second data storage device of the storage destination; The transmission means transmits each parity data generated by the parity data generation means to the first or second data storage device different from the transmission destination of the corresponding data block, and reads the data The means stores the parity data of the data block determined to have not been properly read out by the determination means as the first or the storage destination of the data block. The restoration unit includes a re-forming unit that re-forms the data block that is determined not to be properly read based on the read parity data, and the determination unit includes: The data is restored based on the data block determined to be read properly and the re-formed data block.

  In the data archiving system according to claim 1 of the present invention, the data transmitting device divides the requested data into two or more data blocks, and the two or more data blocks are divided into a plurality of data archiving devices through the wide area network. In addition to transmitting in a distributed manner, the data restoration device reads two or more data blocks corresponding to the data requested to be read from a plurality of data storage devices through the wide area network, and restores the data based on the two or more data blocks. To work. Here, the plurality of data storage devices are installed at geographically distant locations.

  In the data archiving system according to claim 5 of the present invention, the data processing apparatus divides the data requested to be stored into two or more data blocks, and the two or more data blocks are connected to a wide area network. The first data storage device and the second data storage device connected to the local network are distributed and transmitted, and two or more data blocks corresponding to the data requested to be read are transmitted to the first and second data storage devices. The data is read from the data storage device, and the data is restored based on the two or more data blocks. Here, the first and second data storage devices are installed at locations geographically separated from each other.

  Therefore, according to the data storage system according to claim 1 or 5, even if data loss, leakage, falsification, etc. occur due to a disaster or crime, the entire data is not lost, and the data Since it is necessary to steal data from a plurality of data storage devices 3 in order to steal the whole, it is difficult.

  According to the data archiving system according to claim 5, since the data archiving apparatus is also installed in the same local network as the data processing apparatus, at least one data block can be transmitted only to the local network without going through the wide area network. Transmitted through. Therefore, even when all data passing through the wide area network is leaked, the entire data is not leaked.

  According to the data storage system according to claim 2 or 6 of the present invention, the parity data of each data block obtained by the dividing means is generated and transmitted to a data storage device different from the transmission destination of the corresponding data block. At the same time, it is determined whether the reading process of each data block by the reading means has been performed properly, the parity data of the data block determined to have not been read properly is read, and the data block is re-based based on the parity data. Operate to form and restore data.

  Therefore, even when the data block is falsified, the entire data can be restored by re-forming the data block using the parity data, so that the entire data can be protected.

  Thus, according to the present invention, it is possible to improve data security against various dangers such as data loss, leakage, and tampering due to disasters, crimes, and the like.

  Further, there is no need for the cost required when other security protection measures such as encryption technology and password technology are taken, and there is no fear of deterioration in device performance due to constant increase in overhead. Therefore, according to the present invention, it is possible to provide a data storage system with high security capability while suppressing an increase in cost.

  An example of a preferred embodiment of a data storage system according to the present invention will be described in detail with reference to the drawings as appropriate.

<First Embodiment>
[System configuration]
An example of a preferred embodiment of a data storage system according to the present invention is shown in FIG. This data storage system includes a data transmission server 1, a data restoration server 2, and a plurality (N) of data storage devices 3-1, 3-2,. -It is comprised including 3-N.

  The data transmission server 1 corresponds to an example of the “data transmission device” of the present invention. The data restoration server 2 corresponds to an example of the “data restoration device” of the present invention. The wide area network 1000 includes a wide area network (WAN) such as the Internet through a telephone line or a dedicated line, and is an information communication network that connects computers and databases that are geographically distant from each other.

  Each of the data transmission server 1, the data restoration server 2, and the data storage devices 3-1, 3-2,..., 3-N has address information (IP address, etc.) corresponding to the wide area network 1000 in advance. The data is transmitted to the target apparatus by designating address information of the transmission destination.

  A plurality (three in this case) of computer terminals 4A, 4B, and 4C are connected to the data transmission server 1 via the local network 1001, respectively. A plurality (two in this case) of computer terminals 5A and 5B are connected to the data restoration server 2 via the local network 1002, respectively. The local networks 1001 and L2 are information communication networks that do not include a WAN, such as a LAN (Local Area Network).

  The data transmission server 1 and each of the computer terminals 4A, 4B, and 4C are assigned address information corresponding to the local network 1001 in advance, and data is transmitted to the target device by designating the destination address information. It has become. The same applies to the data restoration server 2 and the computer terminals 5A and 5B connected by the local network 1002.

  Each of the computer terminals 4A, 4B, 4C, 5A, and 5B includes an existing computer, and operates and inputs a microprocessor such as a CPU, a RAM, a ROM, a hard disk drive, a display for display, a keyboard, a mouse, and the like. Device, a drive device for various media such as CD-R and DVD-R, and communication equipment such as a network adapter compatible with the local network 1001.

  Each of the computer terminals 4A, 4B, and 4C has a function of transmitting a data storage request to the data transmission server 1 through the local network 1001. The user inputs desired data to one of the computer terminals 4A, 4B, and 4C (for example, the computer terminal 4A), and performs a predetermined operation for storing the data. The computer terminal 4A that has received the operation transmits the data and a signal requesting storage of the data (referred to as a “storage request signal”) to the data transmission server 1 through the local network 1001. In response to the storage request signal, the data transmission server 1 executes a process described later for storing the data in the data storage devices 3-1 to 3 -N. The storage request signal includes identification information of the data, a command for requesting execution of storage processing, and the like. It is also possible to request that a plurality of data be stored at once by a single storage request.

  On the other hand, each of the computer terminals 5 A and 5 B has a function of transmitting a data read request to the data restoration server 2 through the local network 1002. When the user performs a predetermined operation, the computer terminals 5A and 5B (for example, the computer terminal 5A) acquire and display the list information of the data stored in the data storage devices 3-1 to 3-N. This list information is held by the data restoration server 2, for example. The user selects desired data from the list information with a mouse or the like. The computer terminal 5A transmits a signal (referred to as a “read request signal”) requesting reading of the selected data to the data restoration server 2 through the local network 1002. In response to this read request signal, the data restoration server 2 reads and restores the data from the data storage devices 3-1 to 3 -N (described later), and transmits the data to the requesting computer terminal 5 </ b> A. The read request signal includes identification information of the data, a command for requesting execution of read processing, and the like. It is also possible to request to read a plurality of data at a time by a single read request.

  Hereinafter, with further reference to FIG. 2 and FIG. 3, a data transmission server 1, a data restoration server 2, and a plurality of ( (N) data storage devices 3-1, 3-2,..., 3-N will be described in detail.

  Here, FIG. 2 is a block diagram illustrating an example of a functional configuration of the data storage system according to the present embodiment, and FIG. 3 is a block illustrating an example of a hardware configuration of the data transmission server 1 and the data restoration server 2. FIG.

[Data storage device]
First, the plurality of data storage devices 3-1, 3-2,..., 3-N will be described. The data storage devices 3-1, 3-2,..., 3-N are connected to the wide area network 1000 through individual communication lines. The data storage devices 3-1, 3-2,..., 3-N are installed in geographically distant locations, preferably in distant locations (for example, Hokkaido, Tohoku, etc.). One unit can be installed in each of the regions, Kanto region, Chubu region, Kansai region, Chugoku region, Shikoku region and Kyushu region, or one unit can be installed in Japan and other countries. it can.).

  The data storage devices 3-1, 3-2,..., 3-N have the same configuration (hereinafter may be collectively referred to as “data storage device 3”). The data archiving apparatus 3 is configured by a known network storage including a mass storage device such as a hard disk drive, a network interface corresponding to the wide area network 1000, an OS, a data management utility, and the like.

  The data storage device 3 receives the signal from the data restoration server 2 transmitted from the data transmission server 1,

  The data storage device 3 can be applied with any configuration as long as it has a data storage function, a data management function, and a communication function, such as a configuration including a database and a server. Moreover, it is not necessary for all the data storage devices 3 to have the same configuration.

[Data transmission server]
The data transmission server 1 executes processing requested from the computer terminals 4A, 4B, and 4C (hereinafter sometimes collectively referred to as “computer terminal 4”) through the local network 1001, or Process to provide data and programs. In particular, in response to a data storage request from the computer terminal 4, processing for transmitting the data (referred to as “storage data”) to the data storage device 3 and storing it is executed. A configuration related to the execution of this process will be described below.

[Hardware configuration]
First, the hardware configuration of the data transmission server 1 will be described with reference to FIG. The data transmission server 1 includes a CPU 100 (such as a microprocessor), a RAM 110, a ROM 120, a hard disk drive (HDD) 130, and a communication interface (I / F) 140, as in a normal computer. These units are connected via a bus 150.

  The CPU 100 executes a characteristic operation of the present invention, which will be described later, by expanding the data storage program 131 stored in the hard disk drive 130 on the RAM 110. Further, the CPU 100 performs various arithmetic processes and also performs operation control of each unit of the data transmission server 1, for example, control of communication processes by the communication interface 140.

  The data storage program 131 installed in the data transmission server 1 is a program that causes the data transmission server 1 to execute data division processing, parity data generation processing, check ID generation processing, data transmission processing, and the like, which will be described later.

  The communication interface 140 is provided with a wide area communication interface (I / F) 141 and a local communication interface (I / F) 142. The wide area communication interface (I / F) 141 includes a communication device such as a modem for performing data communication via the wide area network 1000. The local communication interface (I / F) 142 includes a communication device such as a network adapter for performing data communication via the local network 1001.

  The data transmission server 1 may include a user interface such as a display such as an LCD or a CRT, a keyboard for operation input, or a mouse.

[Functional configuration]
Next, a functional configuration of the data transmission server 1 having the above hardware configuration will be described with reference to FIG.

  The data transmission server 1 includes a storage request reception unit 11, a data division unit 12, a parity data generation unit 13, a check ID generation unit 14, and a data transmission unit 15. Hereinafter, details of each of these units will be described. A specific example of the operation of each unit will be described in the [Operation] section below.

(Storage request reception part)
The storage request reception unit 11 includes the local communication interface 142 in FIG. 3, and receives storage data and a storage request signal transmitted from the computer terminal 4 and transmits the storage data to the data division unit 12. Do. Further, the storage request signal is sent to the CPU 100, and the CPU 100 activates the data storage program 131 and starts control of processing to be described later. The storage request reception unit 11 corresponds to an example of “storage request reception unit” of the present invention.

(Data division part)
The data dividing unit 12 corresponds to an example of a “dividing unit” of the present invention that divides the storage data transmitted from the storage request receiving unit 11 into two or more data blocks, and includes the CPU 100. Hereinafter, processing contents executed by the data dividing unit 12 will be described.

  First, the number of divided data blocks (divided number) will be described. The hard disk drive 23 of the data transmission server 1 stores information indicating the number (N) of data storage devices 3 in advance. Further, the division number n of the storage data based on the number of the data storage devices 3 is also stored in advance.

  In the present embodiment, the division number n of stored data is the number obtained by multiplying the result of subtracting 1 from the number (N) of data storage devices 3 by a natural number (an integer k equal to or greater than 1), that is, the number of divisions. n = k × (N−1). This is applied when one of the N data storage devices 3 is used for storing parity data, which will be described later, and the remaining N-1 is used for storing data blocks of stored data. K indicates the number of data blocks stored in each data storage device 3.

  The data dividing unit 12 may be configured to determine the number of divisions based on the data amount of the stored data. Further, when a request or setting is made so that only some of the N data storage devices 3 (M; M <N) are stored, the number M is used to determine the division number. . Even in these cases, it is desirable to use the above-described equation for the number of divisions n. However, the number of divisions of the storage data is not limited to that according to the above formula, but is appropriately determined according to the system environment, user requirements, and the like.

  When two or more data storage requests are made at once, the data dividing unit 12 divides all the data requested for storage into the above-mentioned number n of data blocks.

  The data dividing unit 12 gives predetermined information to each data block when dividing the storage data into n data blocks. The predetermined information includes identification information of the storage data (obtained from the storage request signal), data identification information, attribute information of the data block, data length (data amount) information, and adjacent data blocks And information such as separator information for specifying the divided portion. This predetermined information is added to the head portion (header) of the data block, for example. Since this predetermined information has been conventionally used in the data division processing, it will not be referred to unless it is necessary.

  Further, it is desirable that the data dividing unit 12 is configured to divide the storage data so that the data amount of each data block is equal when dividing the storage data into n data blocks. Therefore, the data amount of each data block may be adjusted by adding dummy data to the data block.

  Further, the data dividing unit 12 may divide the storage data on the basis of the data amount instead of dividing the storage data on the basis of the division number n. That is, the data amount of the divided data block may be set (requested) in advance, and the stored data may be divided into data blocks for each data amount.

  The n data blocks obtained by dividing the storage data are sent to the parity data generation unit 13 and the data transmission unit 15, respectively.

(Parity data generator)
The parity data generation unit 13 corresponds to an example of the “parity data generation unit” of the present invention that generates parity data of each data block based on the n data blocks obtained by the data division unit 12. The CPU 100 is configured. The parity data generation unit 13 receives n data blocks from the data division unit 12 and generates parity data for each data block by performing, for example, one of the following two known methods.

  The parity data generation unit 13 can generate parity data of two or more data blocks by calculating an exclusive OR of two or more data blocks of the n data blocks. At this time, the data blocks to be subjected to exclusive OR are determined based on, for example, the number n of data block divisions and the number of data storage devices 3 that are transmission destinations (storage destinations) of the data blocks. As an example, when nine data blocks are stored in three data storage devices, an exclusive OR of (9 ÷ 3 =) three data blocks is calculated.

  When generating parity data for two or more data blocks, the parity data can be generated with reference to a grouping form in a data block group forming process described later by the data transmission unit 15. Preferably, one data block is selected from each data block group, and parity data is generated for these data blocks.

  In addition, the parity data generation unit 13 divides the data block (digital data having an arrangement of “0” and “1”) into unit data (for example, 7 bits, 8 bits, etc.) and “0” in each unit data. It is also possible to determine whether the number of “1” or “1” is an even number or an odd number (parity bit) and to arrange parity bits of all unit data as parity data.

  The parity data of each data block generated by the parity data generation unit 13 is sent to the data transmission unit 15.

(Check ID generator)
The check ID generation unit 14 corresponds to an example of the “check information generation unit” of the present invention that generates check information (check ID) of each of the n data blocks obtained by the data division unit 12. It is configured including the CPU 100.

  As a premise of processing executed by the check ID generation unit 14, the data transmission unit 15 is transmitted to each data storage device 3 based on n data blocks transmitted from the data division unit 12, as will be described later. A process of forming a data block group is performed. The check ID generation unit 14 generates a check ID for each formed data block group. As the check ID, for example, the parity bit (described above) of each data block group can be applied. The check ID is not limited to the parity bit, and arbitrary information reflecting the data structure of the corresponding data block group can be used.

  Similarly, the data transmission unit 15 forms a parity data group based on the parity data sent from the parity data generation unit 13 (described later). The check ID generation unit 14 generates a check ID for each parity data group.

  The check ID generated by the check ID generation unit 14 is sent to the data transmission unit 15.

(Data transmission part)
The data transmission unit 15 corresponds to an example of the “transmission unit” of the present invention in which the n data blocks obtained by the data division unit 12 are distributed and transmitted to the data storage device 3 through the wide area network and stored. The CPU 100 and the wide area communication interface 141 are configured. The data transmission unit 15 also performs processing for transmitting the parity data generated by the parity data generation unit 13 to the data storage device 3.

  When the data transmission unit 15 receives n data blocks from the data division unit 12, the data transmission unit 15 performs a process of forming data block groups corresponding to the number of data storage devices 3 serving as transmission destinations. For example, when three data storage devices 3 are used as transmission destinations of nine data blocks each having the same amount of data, the data transmission unit 15 groups these nine data blocks, for example, three by three, A block group is formed. Even when only one data block is transmitted to the transmission destination, such as when the number of data blocks is the same as the transmission destination, the data block is referred to as a “data block group”.

  The data transmission unit 15 is desirably grouped so that adjacent data blocks (that is, data blocks in which data is continuous) are not included in the same data block group. Further, when storing a plurality of stored data at a time, it is desirable to perform grouping so that all data blocks of each stored data are not included in the same data block group.

  In addition, the data transmission unit 15 forms one or more parity data groups based on the parity data received from the parity data generation unit 14. The number of parity data groups is the number of data storage devices 3 that are transmission destinations (storage destinations) of parity data set (or requested) in advance.

  Further, the data transmission unit 15 performs processing for adding the check ID generated by the check ID generation unit 14 to each data block group and each parity data group. The check ID is added to, for example, the end portion of the data block group or parity data group.

  Through the above processing by the data transmitting unit 15, a plurality of transmission data in which the check ID is added to the data block group and one or more transmission data in which the check ID is added to the parity data group are formed.

  The data transmission unit 15 designates the data storage device 3 as a transmission destination of each transmission data, and transmits each transmission data to the designated transmission destination through the wide area network 1000. At this time, a command for requesting the data storage device 3 to store the data is added to, for example, the header of each transmission data.

  When receiving the transmission data, the data storage device 3 stores (stores) the transmission data according to the command. Hereinafter, the transmission data stored in each data storage device 3 may be referred to as “storage partial data”.

  Note that when the transmission data is received, it is desirable to cause the data storage device 3 to execute processing for checking whether the transmission data is falsified or missing using the check ID. When falsification or the like occurs, a signal requesting retransmission is returned to the data transmission server 1. If there is no falsification or the like, a signal for displaying on the computer terminal 4 a message indicating that the data has been properly stored is returned to the data transmission server 1.

[Data recovery server]
Next, the configuration of the data restoration server 2 will be described. The data restoration server 2 executes processing requested from the computer terminals 5A and 5B (hereinafter sometimes collectively referred to as “computer terminal 5”) through the local network 1002, or performs data processing on the computer terminal 5. Executes processing that provides programs and programs. In particular, in response to a request to read stored data from the computer terminal 5, the stored data is read from the data storage device 3, restored, and transmitted to the requesting computer terminal 5. A configuration related to the execution of this process will be described below.

[Hardware configuration]
The data restoration server 2 has the same hardware configuration as the data transmission server 1. That is, the data restoration server 2 is provided with a CPU 100 (such as a microprocessor), a RAM 110, a ROM 120, a hard disk drive (HDD) 130, and a communication interface (I / F) 140, as shown in FIG. These units are connected via a bus 150. A user interface such as a display such as an LCD or CRT, a keyboard for operation input, or a mouse may be provided.

  The data storage program 131 installed in the data restoration server 2 is a program that causes the data decryption server 2 to execute data read processing, read data determination processing, data reconstruction processing, data restoration processing, and the like, which will be described later.

  The local communication interface (I / F) 142 of the communication interface 140 is configured to include a communication device such as a network adapter for performing data communication via the local network 1002.

[Functional configuration]
A functional configuration of the data restoration server 2 will be described with reference to FIG.

  The data restoration server 2 includes a read request accepting unit 21, a data reading unit 22, a read data determining unit 23, a restoration processing unit 24, and a restored data transmitting unit 27. The restoration processing unit 24 includes a data reconstruction unit 25 and a data restoration unit 26. Hereinafter, details of each of these units will be described. Note that a specific mode of operation of each unit will be described in the section of [Specific example] described later.

(Reading request reception part)
The read request receiving unit 21 includes a local communication interface 142, and receives a read request signal transmitted from the computer terminal 5, and transmits the read request signal to the data reading unit 22. Further, the read request signal is sent to the CPU 100, and the CPU 100 activates the data storage program 131 and starts control of processing to be described later. The read request receiving unit 21 corresponds to an example of “read request receiving means” of the present invention.

(Data reading part)
The data reading unit 22 reads the storage partial data corresponding to the storage data requested to be read by the read request signal received from the read request receiving unit 21 from the data storage device 3 through the wide area network 1000. It corresponds to an example. The stored partial data to be read includes data including the data block of the stored data and data including the parity data. The data reading unit 22 includes a CPU 100 and a local communication interface 142.

  More specifically, the data reading unit 22 obtains storage data identification information from the read request signal, and generates a signal including this identification information. Then, this signal is transmitted to each data storage device 3 through the wide area network 1000.

  At this time, if the storage location of the storage partial data to be read is known, a signal may be selectively transmitted only to the data storage device 3 of the storage location. Such a signal transmission mode is, for example, when the data transmission server 1 and the data restoration server 2 share information on the storage destination, or when the data transmission server 1 and the data described in [Modification] described later are used. The present invention is applicable when the restoration server 2 is composed of the same device.

  When the data storage device 3 receives the signal from the data restoration server 2, the data storage device 3 acquires the storage data identification information from this signal, and searches the storage partial data with the identification information added to the header. Then, the retrieved storage partial data is transmitted to the data restoration server 2.

  The data reading unit 22 receives the storage partial data transmitted by each data storage device 3 and transmits it to the read data determination unit 23. The stored partial data read by the data reading unit 22 may be referred to as read data.

(Read data judgment unit)
The read data determination unit 23 is an example of the “determination unit” of the present invention that determines whether each read data (including data block (group)) read by the data read unit 22 has been read properly. It corresponds to. The read data determination unit 23 includes a CPU 100.

  Here, “appropriately read” means that the original data block formed by the data dividing unit 12 of the data transmission server 1 is read in a state in which no alteration such as falsification or disappearance has occurred. It means that. Therefore, when the read data block is falsified or partially lost, or when the entire data block is lost and nothing is read, the read data determination unit 23 determines that the data block is It is determined that “It was not read properly”.

  The read data determination unit 23 acquires the check ID from the read data, generates the check ID of the data block (group) in the read data in the same manner as the check ID generation unit 14, and generates the check ID and the generated check ID By determining whether or not the check ID is the same, the appropriateness of the read data is determined.

  If it is determined that they are the same, it is determined that the data block (group) in the read data has been properly read, and a signal indicating that is sent to the data reading unit 22. Upon receiving this signal, the data reading unit 22 sends the corresponding read data to the restoration processing unit 24.

  On the other hand, if it is determined that the acquired check ID and the generated check ID are not the same, it is determined that the data block (group) in the read data has not been properly read, and a signal ( Error signal) is sent to the data reading unit 22. When the data reading unit 22 receives the error signal, the data reading unit 22 identifies the stored data identification information toward the data storage device 3 that stores the storage partial data including the parity data (group) of the data block (group) in the read data. A signal containing is transmitted. Upon receiving this signal, the data storage device 3 searches for the target storage partial data and transmits it to the data restoration server 2. This stored partial data (read data) is received by the data read unit 22 and sent to the read data determination unit 23.

  The read data determination unit 23 obtains a check ID from the read data, generates a check ID of parity data (group) in the read data, and determines their identity. If they are the same, the data reading unit 22 adds determination information such as a flag to the read data and sends it to the restoration processing unit 24. If they are not the same, a signal for displaying on the computer terminal 5 a message indicating that the data block corresponding to the parity data (group) cannot be restored is output.

  In addition, before acquiring the storage partial data including the parity data in this way, a step of reading again the read data that has not been properly read may be interposed. In the case of a simple transmission error due to the communication state of the wide area network 1000, data may be appropriately acquired by this re-reading process.

(Restore processing part)
The restoration processing unit 24 corresponds to an example of the “restoring means” of the present invention that restores the stored data based on the data block (group) in the read data read by the data reading unit 22. Consists of including. As described above, the restoration processing unit 24 includes the data reconstruction unit 25 and the data restoration unit 26.

  The restoration processing unit 24 sorts the read data by checking the presence / absence of the discrimination information such as the flag. Specifically, the read data (including parity data) to which the discrimination information is added is distributed to the data reconstruction unit 25, and the read data (including the data block) to which the discrimination information is not added. ) Are distributed to the data restoration unit 26. Note that when parity data is generated using parity bits, read data (including data blocks) that has not been properly read is also distributed to the data reconstruction unit 25.

(Data reconstruction part)
The data reconstruction unit 25 reconstructs a data block that is determined not to be properly read based on the parity data (group) in the read data that is read in response to the determination. It corresponds to an example of “re-forming means”.

  When the parity data is generated using exclusive OR, the data reconstruction unit 25 calculates the exclusive OR of the parity data and another data block that has been appropriately read out as in the conventional case. Then, the data block that has not been read properly is re-formed. When parity data is generated using parity bits, the data block that has not been read properly is restored for each unit data using the parity bit, thereby re-forming the data block.

  The reconstructed data block is sent to the data restoration unit 26.

(Data restoration part)
When all the read data is read properly, the read data is input to the data restoration unit 26. The data restoration unit 26 restores the stored data by connecting the data blocks in the read data in the original arrangement order. At this time, the arrangement of the data blocks is recognized with reference to separator information (described above) added to the header of each read data.

  On the other hand, when there is read data that has not been read properly, the data restoration unit 26 reads read data that has been read correctly (including data blocks) and read data that has not been read properly. The data block reconstructed for the data is input. The data restoration unit 26 restores the stored data by connecting these data blocks in the original arrangement order.

  The restored stored data is sent to the restored data transmission unit 27.

(Restored data transmission unit)
The restored data transmission unit 27 is configured to include the local communication interface 142 and transmits the storage data restored by the restoration processing unit 24 to the computer terminal 5 that is the read request source.

[Operation]
An example of the operation of the data storage system according to this embodiment configured as described above will be described. The flowchart shown in FIG. 4 represents an operation for causing the data storage device 3 to store data. The flowchart shown in FIG. 5 represents an operation for reading data from the data storage device 3.

[Data storage processing; Fig. 4]
The data storage process will be described with reference to the flowchart of FIG. First, when the user designates storage data by the computer terminal 4 and performs a storage request operation (S1), storage data and a storage request signal are input from the computer terminal 4 to the data transmission server 1 (S2).

  The data transmission server 1 divides the storage data and the storage request signal received by the storage request receiving unit 11 into n data blocks by the data dividing unit 12 (S3). At this time, predetermined information (described above) is given to each data block.

  Subsequently, the parity data generation unit 13 generates parity data for each of the n data blocks (S4). Here, as described above, parity data may be generated for a plurality of data blocks.

  The data transmission unit 15 groups n data blocks to form a data block group of the number n ′ (2 ≦ n ′ ≦ n) of the data storage devices 3 that are the transmission destinations (S5). The data transmission unit 15 groups the parity data of each data block generated by the parity data generation unit 14 to form m ′ (1 ≦ m ′ ≦ n) parity data groups (S6).

  The check ID generation unit 14 generates a check ID for each data block group and each parity data group (S7), and the data transmission unit 15 adds a corresponding check ID to each data block group and each parity data group. (S8). As a result, n ′ pieces of transmission data including a data block group and a check ID and m ′ pieces of transmission data including a parity data group and a check ID are formed.

  The data transmission unit 15 transmits each transmission data to the designated data storage device 3 through the wide area network 1000 (S9).

  The data storage device 3 that has received the transmission data uses the check ID to determine whether the transmission data has been properly transmitted (S10). When the transmission data is properly transmitted (S10; Y), the data storage device 3 stores the transmission data (S11) and returns a signal indicating completion of the storage process to the data transmission server 1 (S12). . In response to receiving this signal from all the transmission destinations, the data transmission server 1 displays a message indicating that the storage process has been completed on the requesting computer terminal 4 (S13), and ends the data storage process. .

  On the other hand, when the transmission data is not properly transmitted (S10; N), the data storage device 3 returns a signal requesting retransmission to the data transmission server 1 (S14), and the data transmission server 1 In response to this, the transmission data is retransmitted (S15). Here, if the number of retransmissions (for example, 3 times) is set in advance, and if the number of retransmissions does not allow proper transmission (S16; Y), an error message indicating that data storage has failed. Is displayed on the computer terminal 4 (S17), and the data storage process is terminated.

[Data read processing; FIG. 5]
The data reading process will be described with reference to the flowchart of FIG. First, when the user designates storage data by the computer terminal 5 and performs a read request operation (S21), a read request signal is input from the computer terminal 5 to the data restoration server 2 (S22).

  In the data restoration server 2, the data reading unit 22 reads n pieces of storage partial data (including data blocks) corresponding to the storage data requested to be read from the data storage device 3 through the wide area network 1000 (S 23). . The read data determining unit 23 determines whether or not each storage partial data (read data) has been read properly (S24).

  Note that storage partial data including parity data may also be read in step S23.

  When it is determined that all the n read data have been properly read (S24; Y), the data restoration unit 26 of the restoration processing unit 24 restores the stored data based on the n data blocks of the read data. (S25). Then, the restored stored data is transmitted to the computer terminal 5 that is the read request source (S26), and the data read process is terminated.

  On the other hand, if there is n read data that is determined not to be read properly (S24; N), the following processing is performed for this read data (referred to as “inappropriate read data”). Do.

  Here, since it is rarely determined that read processing from two or more data storage devices 3 is inappropriate at the same time, the following is a case where read processing from one data storage device 3 is inappropriate. explain.

  First, the data reading unit 22 reads the storage partial data from the data storage device 3 that stores the storage partial data including the parity data of the data block in the inappropriate read data (S27). The read data determining unit 23 determines whether or not the storage partial data has been read properly (S28).

  When it is determined that the data has not been properly read (S28; N), a message (error message) indicating that the requested stored data cannot be restored is displayed on the computer terminal 5 (S29), and the data reading process is terminated. Note that the stored data may be partially restored using the data block that has been properly read.

  On the other hand, when it is determined that the data has been properly read (S28; Y), the data re-forming unit 25 re-creates the data block in the improper read data based on the parity data (group) in the stored partial data. Form (S30). Further, the data restoration unit 26 restores the stored data based on the data block in the read data that has been properly read and the data block in the improper read data that has been recreated (S31). Then, the restored stored data is transmitted to the computer terminal 5 as the read request source (S32), and the data read process is terminated.

[Concrete example]
A specific example of the data storage process and the data read process of the present embodiment will be described with reference to FIG. This figure shows an example of storing two stored data simultaneously. Note that four data storage devices 3 are installed (N = 4).

[Specific example of data storage processing]
FIG. 6A shows two storage data D and E for which a storage request has been made (S1, S2). As shown in FIG. 6B, the data dividing unit 12 of the data transmission server 1 divides the storage data D into five data blocks D1, D2, D3, D4, and D5 and four storage data E. The data blocks E1, E2, E3, and E4 are divided into nine data blocks as a whole (S3).

  Here, the division number n = k × (N−1) = 3 × (4-1) = 9. Based on the division number n and the number of data storage devices 3 that are storage destinations of data blocks (N−1 = 3 in this case), the grouping mode in step S5 is determined. In this example, considering that n = 9 and N−1 = 3, nine data blocks D1 to D5 and E1 to E4 are grouped every three in this order.

  The parity data generation unit 13 selects one data block from each group (data block group) based on this grouping form, and generates parity data for the selected three data blocks. Thereby, three parity data P (D1 + D2 + D3), P (D4 + D5 + E1) and P (E2 + E3 + E4) shown in FIG. 6C are generated.

  As shown in FIG. 6C, the data transmitting unit 15 groups the data blocks D1, D4, and E2 to form a data block group G1, and groups the data blocks D2, D5, and E3 to group the data block group G2. And data blocks D3, E1, and E4 are grouped to form a data block group G3 (S5). Further, the parity data P (D1 + D2 + D3), P (D4 + D5 + E1), and P (E2 + E3 + E4) are grouped to form a parity data group P (S6).

  In addition, the data transmission unit 15 adds a check ID to each data block group G1, G2, G3 and parity data group P (S7, S8). Accordingly, as shown in FIG. 6D, three transmission data T1, T2, T3 including a data block group and a check ID, and one transmission data T4 including a parity data group and a check ID, Is formed.

  The data transmission unit 15 transmits the transmission data T1 to the data storage device 3-1, transmits the transmission data T2 to the data storage device 3-2, transmits the transmission data T3 to the data storage device 3-3, and transmits the transmission data. T4 is transmitted to the data storage device 3-4 and stored therein (S9 to S13). Since the processing (S14 to S17) when the transmission is not properly performed is the same as that in the above [Operation] section, the description thereof is omitted.

[Specific example of data read processing]
Still referring to FIG. The data storage devices 3-1, 3-2, 3-3, and 3-4 store storage partial data T1, T2, T3, and T4 shown in FIG. 6D, respectively. When the reading request for the storage data D and E is made (S21 and S22), the data reading unit 22 of the data restoration server 2 receives the storage partial data T1, from the data storage devices 3-1, 3-2, and 3-3. T2 and T3 are read out (S23).

  When it is determined that all the stored partial data (read data) T1, T2, and T3 have been properly read (S24; Y), the data restoration unit 26 selects the data block group G1 in the read data T1, T2, and T3, Based on the data blocks “D1, D4, E2”, “D2, D5, E3”, “D3, E1, E4” included in G2 and G3, respectively, the stored data D and E are restored (S25).

  Specifically, nine data blocks are acquired from the read data T1, T2, and T3, and an array of these data blocks is acquired with reference to data identification information and separator information (described above). Thereby, the arrangement of the data blocks constituting the storage data D is “D1, D2, D3, D4, D5”, and the arrangement of the data blocks constituting the storage data E is “E1, E2, E3, E4”. Is obtained. Then, the storage data D is restored by connecting the data blocks D1, D2, D3, D4, D5 in this arrangement order according to this arrangement, and the storage data E is connected by connecting the data blocks E1, E2, E3, E4 in this arrangement order. To restore.

  On the other hand, a case will be described in which there is data that is determined not to be read properly among the three read data T1, T2, and T3 (S24; N). Here, it is assumed that the read data T2 is not properly read.

  First, the data reading unit 22 reads the storage partial data T4 from the data storage device 3-4 (S27). When the storage partial data T4 is not properly read (S28; N), an error message is displayed (S29).

  On the other hand, when the storage partial data T4 is properly read (S28; Y), the data reconstruction unit 25 reads the parity data group P (see FIG. 6C) in the storage partial data T4 appropriately. Data blocks D2, D5, and E3 in the read data T2 are re-formed using the stored part data T1 and T3 that have been extracted (S30).

  Specifically, (1) the data block D2 is reformed based on the parity data P (D1 + D2 + D3), the data block D1, and the data block D3, and (2) the parity data P (D4 + D5 + E1), the data block D4, and the data block The data block D5 is reconfigured based on E1, and (3) the data block E3 is reconfigured based on the parity data P (E2 + E3 + E4), the data block E2, and the data block E4. When expressed schematically, (1) (D1 + D2 + D3) −D1−D3 = D2, (2) (D4 + D5 + E1) −D4−E1 = D5, (3) (E2 + E3 + E4) −E2−E4 = E3.

  The data restoring unit 26 includes data blocks (D1, D4, E2) and (D3, E1, E4) in the read data T1 and T3 that have been properly read, and data blocks ( The stored data D and E are restored based on D2, D5, and E3), respectively (S31). This restoration process is performed in the same manner as in step S25.

[Action / Effect]
The operation and effect of the data storage system according to this embodiment will be described.

  First, according to the present embodiment, storage data can be distributed and stored in a plurality of data storage devices 3 installed at geographically distant locations through the wide area network 1000. Therefore, only a part of the stored data is stored in each data storage device 3. Thus, even if data is leaked or stolen from a certain data storage device 3, the entire stored data is not leaked or stolen. The same applies to the case where data leaks during transmission through the wide area network 1000.

  Further, since the data storage device 3 is geographically separated, it is necessary to falsify data from a plurality of data storage devices 3 in order to falsify or steal the entire stored data. Have difficulty. For example, when data leakage from one data storage device 3 is found, the security for other data storage devices 3 can be strengthened, so that further data leakage can be prevented. In the conventional method of digitizing data and storing the same data in a plurality of data storage devices, if data leaks from one data storage device, all data leaks. There is nothing.

  “Security” means not only measures to ensure the safety of data leaks and tampering due to crimes and user errors, but also measures to ensure the safety of data loss due to disasters such as earthquakes and fires. It corresponds to what is called “crisis management”.

  As described above, by not including consecutive data blocks in the same data block group, meaningful information that can be read from data stored in each data storage device 3 or data transmitted over the wide area network 1000. The amount of can be reduced. That is, the data stored in each data storage device 3 and the data transmitted at once over the wide area network 1000 include a plurality of non-continuous data blocks, but meaningful information that can be read from the data is: It is about the data amount of each data block. As a result, even if data leaks, it is difficult to misuse it because it is difficult to read its meaning. In addition, since it is difficult to obtain meaningful information even if data is stolen, it is expected to suppress the occurrence of leakage and the like.

  In addition, even if the data stored in the data storage device 3 or the data being transmitted is falsified or lost, the falsified data can be recreated using parity data, and the stored data can be restored. can do. Therefore, even when tampering or the like occurs, it is possible to protect the entire stored data. Here, it is important that each parity data is stored in a data storage device 3 different from the corresponding data block. Whether or not data has been tampered with can be easily and effectively determined by check information (check ID).

  As described above, according to the data storage system according to the present embodiment, it is possible to improve security against various dangers such as data loss due to a disaster or the like, or data leakage / falsification due to a crime or the like.

  In addition, when this embodiment is applied, a great amount of cost is not required unlike other security protection measures such as encryption technology and password technology. Furthermore, with regard to the deterioration of the apparatus performance due to the increase in overhead, there is a possibility that the increase in overhead occurs only at the time of data reconstruction using parity data. That is, when using encryption technology or the like, since the encryption process and the decryption process are always performed when data is transmitted or received, the apparatus performance is constantly degraded. In such a configuration, the apparatus performance is expected to deteriorate only in rare cases such as when a disaster or crime occurs.

  Thus, according to the data archiving system according to the present embodiment, it is possible to provide a data archiving system with high security capability while effectively suppressing an increase in system introduction cost and operation cost.

  In addition, since the computerized data is stored, there is no storage space problem or data extraction time problem as in the case of using a print medium or a storage medium.

[Modification]
A modification of the data storage system according to this embodiment will be described. Note that the following modifications can be applied to the second embodiment described later as appropriate.

  In the above embodiment, one of the N data storage devices 3 is used for parity data storage, and the data blocks are distributed and stored in the other N−1 units. The distribution mode of the parity data is not limited to this.

  For example, both data blocks and parity data can be configured to be distributed to N data storage devices 3. One example will be described with reference to FIG. Here, the number of data storage devices 3 is three (N = 3).

  FIG. 7A shows the storage data F for which a storage request has been made. As shown in FIG. 7B, the data dividing unit 12 of the data transmission server 1 divides the storage data F into eight data blocks F1, F2, F3, F4, F5, F6, F7, and F8. The parity data generation unit 13 includes parity data P (1, 2) of the data blocks F1, F2, parity data P (3,4) of the data blocks F3, F4, and parity data P (5 of the data blocks F5, F6. , 6) and parity data P (7, 8) of data blocks F7, F8, respectively.

  As shown in FIG. 7C, the data transmission unit 15 groups the data block F1, the parity data P (3, 4), the data block F6, and the data block F7 to form a data group H1, and the data block F2 , Data block F3, parity data P (5, 6), and data block F8 are grouped to form data group H2, and parity data P (1, 2), data block F4, data block F5 and parity data P ( 7 and 8) are grouped to form a data group H3. Here, it is important to perform grouping so that each parity data belongs to a data group different from the corresponding data block.

  Further, although not shown, the check ID generation unit 14 generates check IDs for the data groups H1, H2, and H3, and the data transmission unit 15 adds check IDs to the data groups H1, H2, and H3. Thus, three transmission data are formed. Then, the data transmission unit 15 transmits transmission data including the data group H1 to the data storage device 3-1, transmits transmission data including the data group H2 to the data storage device 3-2, and includes transmission including the data group H3. Data is transmitted to the data storage device 3-3.

  Even when such a data distribution mode is applied, the same advantages as those of the above-described embodiment can be obtained. Further, according to the present modification, the stored data can be restored even if any of the N data storage devices 3 has been tampered with or deleted.

  In the above embodiment, the data transmission server 1 and the data restoration server 2 are configured as different devices, but both functions can be mounted on a single device. In that case, a data storage program 131 is installed which causes the computer to execute both the processing by the data transmission server 1 (data transmission processing; see FIG. 4) and the processing by the data restoration server 2 (data restoration processing; see FIG. 5). That's fine. As a result, it is possible to read and restore the data using the device that has requested the data storage, thereby improving the convenience of the system. Note that a data storage system according to a second embodiment described later applies such a configuration.

  Here, it is also possible to configure a system including a device that can execute only the data transmission process, a device that can execute only the data restoration process, and a device that can execute both processes. Further, the number of data transmission devices and the number of data restoration devices included in the system are arbitrary.

  The data storage system of the above embodiment includes various characteristic configurations according to the present invention. The data storage system according to the present invention only needs to have the following configuration.

  The first configuration according to the present invention includes the following elements: (1) A plurality of data storage devices 3 connected to the wide area network 1000 and installed geographically apart from each other; (2) data Data having a storage request receiving unit 11 that receives the storage request, a data dividing unit 12 that divides the data into data blocks, and a data transmission unit 15 that distributes the data blocks to a plurality of data storage devices 3 and transmits the data blocks Transmission server 1; (3) a read request receiving unit 21 for receiving a data read request, a data reading unit 22 for reading a data block corresponding to the data from the data storage device 3, and restoring data based on the data block A data restoration server 2 having a restoration processing unit 24. This first configuration is the basic configuration of the present invention.

  According to the first configuration, the stored data is distributed and stored in the data storage devices 3 that are installed apart from each other, so that the data can be dealt with in leakage. In addition, it is difficult to steal data by crime.

  The second configuration according to the present invention includes the following characteristics in addition to the first configuration: (1) The data transmission server 1 uses the parity data of each data block obtained by the data dividing unit 12 (2) The data transmission unit 15 of the data transmission server 1 transmits each parity data to the data storage device 3 different from the transmission destination of the corresponding data block; (3 ) The data restoration server 2 has a read data determination unit 23 that determines whether the data block is properly read by the data read unit 22; (4) the data read unit 22 is determined not to be read properly. Read out the parity data of the data block from the data storage device; (5) The restoration processing unit 24 recreates the data block based on the parity data That has a data reshaping section 25; (6) restoration processing unit 24, and data blocks that are determined to have been properly read, based on the the reshaped data blocks to recover the data.

  According to the second configuration, even when the data block is falsified or lost, the data block can be re-formed using the parity data, and the original data can be restored.

  The third configuration according to the present invention has the following characteristics in addition to the second configuration described above: (1) The data transmission server 1 sets the check ID of the data block obtained by the data dividing unit 12. (2) The data transmission unit 15 transmits each data block together with its check ID to the data storage device 3; (3) the data reading unit 22 transmits the data block to the check information. (4) The read data determination unit 23 determines whether the data block has been read properly based on the read check information.

  According to the third configuration, it is possible to easily and effectively determine whether or not data has been tampered with.

  According to a fourth configuration of the present invention, in the second configuration, a data storage device (for example, 3-N) for storing parity data is provided, and other data storage devices 3-1 to 3- (N-1) are provided. The data block is distributed and stored, and the variation of the distribution mode of the data block and the parity data is provided together with the above-described modification (see FIG. 7).

<Second Embodiment>
The data storage system according to the first embodiment described above is configured to store data in a distributed manner in a plurality of data storage devices arranged on a wide area network. On the other hand, the data storage system according to the present embodiment aims to improve the security of stored data by distributing data storage devices not only on a wide area network but also on a local network.

  FIG. 8 shows an example of the overall configuration of the data storage system according to the present embodiment. This data storage system is connected to data storage devices 3-1 to 3-N (N ≧ 1) similar to the first embodiment connected to the wide area network 1000, and to the wide area network 1000 and the local network 1001, respectively. The server 10 includes a data storage device 30 connected to the local network 1001, and computer terminals 40A, 40B, and 40C connected to the local network 1001.

  Here, it is sufficient that at least one data storage device 3 (first data storage device) on the wide area network 1000 is provided (in the first embodiment, a plurality of data storage devices 3 are provided). Further, the data storage device 30 (second data storage device) on the local network 1001 is installed at a location geographically distant from each data storage device 3. Therefore, the server 10 is also installed at a location away from each data storage device 3. The number of installed data storage devices 30 is not limited to one, and can be two or more.

  The server 10 corresponds to an example of the “data processing apparatus” of the present invention, and has the functions of both the data transmission server 1 and the data restoration server 2 in the first embodiment. That is, although not shown, the server 10 includes a storage request receiving unit 11, a data dividing unit 12, a parity data generating unit 13, a check ID generating unit 14, a data transmitting unit 15, a reading request receiving unit 21, and a data reading unit 22. , A read data determination unit 23, a restoration processing unit 24 (including a data reconstruction unit 25 and a data restoration unit 26), and a restoration data transmission unit 27 (see FIG. 2). These units operate in substantially the same manner as in the first embodiment. Hereinafter, differences from the first embodiment will be described.

  The data transmitting unit 15 of the server 10 transmits (distributed) some of the two or more data blocks obtained by the data dividing unit 12 to the data storage device 3 through the wide area network 1000 and other data blocks. Are transmitted (distributed) to the data storage device 30 through the local network.

  Further, the data transmission unit 15 transmits each parity data generated by the parity data generation unit 13 to the data storage device 3 or the data storage device 30 different from the transmission destination of the corresponding data block. This is realized by grouping each data block and its parity data so as to be included in transmission data sent to different data storage devices 3 and 30 (see FIG. 7C).

  The data reading unit 22 of the server 10 reads data blocks corresponding to the data for which the read request has been received from the data storage devices 3 and 30, respectively. The data restoration unit 26 restores data based on the data block read in this way.

  In addition, when there is a data block that is determined not to be read properly by the read data determining unit 23, the data reading unit 22 stores the parity data of the data block in the data storage device 3 or the data storage of the storage destination. Reading is performed from the device 30. The data reconstruction unit 25 reconstructs the data block based on the parity data, and the data restoration unit 26 reconstructs the data based on the appropriately acquired data block and the reconstructed data block. Restore.

  According to such a data storage system according to the present embodiment, using one or more data storage devices 3 connected to the wide area network 1000 and one or more data storage devices 30 connected to the local network 1001, Processing similar to that of the first embodiment (see FIGS. 4 and 5) can be executed.

  Therefore, as in the first embodiment, there are cases where data is leaked or stolen from either of the data storage devices 3 and 30, or when data is leaked while being transmitted through the wide area network 1000. However, the entire stored data does not leak.

  Further, since the data storage device 3 is installed at a location geographically separated from each other, and the data storage device 30 is installed at a location geographically separated from the data storage device 3, the entire storage data is falsified. It is difficult to do or steal.

  Even if data stored in the data storage devices 3 and 30 or data being transmitted is falsified or lost, the falsified data can be recreated using parity data, and the stored data Can be restored and the entire stored data can be protected.

  As described above, according to the data storage system according to the present embodiment, it is possible to improve security against various dangers such as data loss due to a disaster or the like, or data leakage / falsification due to a crime or the like.

  In addition, a large amount of cost is not required unlike security protection measures such as encryption technology, and it is possible to avoid a permanent decrease in device performance due to an increase in overhead. Therefore, according to this embodiment, it is possible to provide a data storage system with high security capability while suppressing an increase in cost.

  In addition, according to the data storage system according to the present embodiment, the following specific actions and effects are exhibited. In the data storage system according to the present embodiment, in addition to the data storage device 3 on the wide area network 1000, the data storage device 30 is installed on the same local network 1001 as the server 10, and these data storage devices 3, 30 Therefore, at least a part of the storage data is transmitted only through the local network 1001 without passing through the wide area network 1000. Therefore, even if all data passing through the wide area network 1000 is leaked, the entire stored data is not leaked, and the risk of leaking meaningful information can be reduced.

[Others]
The data archiving program 131 that causes the data transmission server 1, the data restoration server 2, and the server 10 to execute the processes according to the first and second embodiments can be stored in an arbitrary storage medium (media) in a computer-readable manner. . As the storage medium, floppy (registered trademark) disk, CD-ROM, CD-R (W), DVD-ROM, DVD-R (W), DVD-RAM, MO, various memory cards, and other electrical methods, It is possible to use one configured to store data by any physical method such as a magnetic method or an optical method.

  The configuration described above is merely an example of a specific configuration for favorably implementing the data storage system according to the present invention. Therefore, arbitrary modifications within the scope of the present invention can be appropriately made.

1 is a schematic system configuration diagram showing an example of an overall configuration of a first embodiment of a data storage system according to the present invention. It is a schematic block diagram showing an example of functional composition of a data transmission server and a data restoration server in a 1st embodiment of a data storage system concerning the present invention. It is a schematic block diagram showing an example of the hardware constitutions of the data transmission server and data restoration server in 1st Embodiment of the data storage system which concerns on this invention. It is a flowchart showing an example of the data storage process by 1st Embodiment of the data storage system which concerns on this invention. It is a flowchart showing an example of the data reading process by 1st Embodiment of the data storage system which concerns on this invention. It is a schematic explanatory drawing for demonstrating one specific example of the data storage process by 1st Embodiment of the data storage system which concerns on this invention. It is a schematic explanatory drawing for demonstrating one specific example of the data storage process by the modification of 1st Embodiment of the data storage system which concerns on this invention. It is a schematic system block diagram showing an example of the whole structure of 2nd Embodiment of the data storage system which concerns on this invention.

Explanation of symbols

DESCRIPTION OF SYMBOLS 1 Data transmission server 11 Storage request reception part 12 Data division part 13 Parity data generation part 14 Check ID generation part 15 Data transmission part 2 Data restoration server 21 Read request reception part 22 Data reading part 23 Read data judgment part 24 Restoration process part 25 Data reconstruction unit 26 Data restoration unit 27 Restored data transmission unit 100 CPU
DESCRIPTION OF SYMBOLS 130 Hard disk drive 131 Data storage program 140 Communication interface 141 Wide area communication interface 142 Local communication interface 3, 3-1, 3-2, ..., 3-N, 30 Data storage device 4A, 4B, 4C, 5A, 5B 40A, 40B, 40C Computer terminal 10 Server 1000 Wide area network 1001, 1002 Local network

Claims (6)

A plurality of data storage devices connected to a wide area network and installed geographically apart from each other;
A storage request receiving unit that is connected to the wide area network and receives a data storage request; a dividing unit that divides the data for which the storage request has been received into two or more data blocks; and obtained by the dividing unit through the wide area network. A data transmission device comprising: a transmission means for distributing and transmitting the two or more data blocks distributed to the plurality of data storage devices;
Read request accepting means connected to the wide area network and accepting a data read request; and read means for reading out two or more data blocks corresponding to the data for which the read request has been accepted from the plurality of data storage devices through the wide area network. And a data restoration device comprising restoration means for restoring the data based on the two or more read data blocks,
A data storage system comprising: The data transmission device further includes parity data generation means for generating parity data of each data block based on two or more data blocks obtained by the dividing means,
The transmission means transmits the generated parity data to a data storage device different from the transmission destination of the corresponding data block,
The data restoration device further includes a determination unit that determines whether each data block read by the reading unit has been properly read from the storage destination data storage device,
The reading means reads the parity data of the data block determined to have not been properly read from the data storage device of the storage destination,
The restoration means includes
Re-forming means for re-forming the data block determined not to be properly read based on the read parity data;
Restoring the data based on the data block determined to be properly read by the determination means and the re-formed data block;
The data storage system according to claim 1. The data transmission device includes:
Check information generating means for generating check information reflecting the data structure of each of the two or more data blocks obtained by the dividing means;
The transmission means transmits the two or more data blocks together with the check information,
The reading means of the data restoration device reads the two or more data blocks together with their check information,
The determination means determines whether each of the two or more read data blocks has been properly read based on the check information.
The data storage system according to claim 2.   The transmission unit of the data transmission device transmits parity data of each data block generated by the parity data generation unit to one of the plurality of data storage devices, and transmits the two or more data blocks to the data storage device. The data storage system according to claim 2, wherein the data storage system is distributed and transmitted to the plurality of data storage devices except for one. One or more first data storage devices connected to a wide area network and geographically separated from each other, and installed at a location geographically separated from the first data storage device and connected to a local network One or more second data storage devices installed geographically away from the first storage device;
A storage request receiving unit that is connected to each of the wide area network and the local network and receives a data storage request; a dividing unit that divides the data for which the storage request has been received into two or more data blocks; A transmission means for distributing and transmitting two or more data blocks obtained by the dividing means to the first and second data storage devices through the local network; a read request receiving means for receiving a data read request; Read means for reading two or more data blocks corresponding to the data for which the read request has been accepted from the first and second data storage devices through the wide area network and the local network, and the two or more read data Restore the data based on the block A data processing device having a means,
A data storage system comprising: The data processing device is configured to generate parity data of each data block based on two or more data blocks obtained by the dividing unit, and each data block read by the reading unit. A judgment means for judging whether the data is properly read from the first or second data storage device of the storage destination;
The transmission means transmits each parity data generated by the parity data generation means to the first or second data storage device different from the transmission destination of the corresponding data block,
The reading unit reads the parity data of the data block determined not to be properly read by the determining unit from the first or second data storage device of the storage destination,
The restoration means includes a reforming means for reforming the data block determined not to be properly read based on the read parity data, and is determined to have been properly read by the determination means. Restoring the data based on the data block and the reconstructed data block;
The data storage system according to claim 5, wherein:

Images