JP2007241461A - Data management device, data management method and recording medium with data management program recorded thereon - Google Patents

Abstract

<P>PROBLEM TO BE SOLVED: To manage data through simple configuration. <P>SOLUTION: The data of the whole data fields of data records are read (step 302), and the data field with which dummy data are replaced is determined (step 306), and the dummy data are generated (step 310). The normal data of read data records are replaced with the dummy data, and data records are generated (step 312). This is repeated, so that data records corresponding to a set database are generated, and the data records are transmitted to each server device (step 326). <P>COPYRIGHT: (C)2007,JPO&INPIT

Description

  The present invention relates to a data management apparatus, a management method, and a recording medium on which a data management program is recorded. In particular, the present invention records a data management apparatus, a data management method, and a data management program for managing a plurality of data used for a database or the like. The present invention relates to a recording medium.

  A database system is known as an example of managing a lot of related data. With the recent development of information communication equipment, this database system has become available in a network environment via a communication line. For example, a client device can be connected to an application server device that executes a specific application program for processing a database or the like via a communication line, and a database operated on the application server device can be used from the client device. Database systems are generally known.

However, as is known as the so-called Internet, in a network environment via a communication line, there is a possibility that a third party client device that is not expected to use it connects to the application server device and the database is used. . For this reason, the security of database systems has been improved by introducing an authentication system or the like that suppresses unexpected third party use. For example, an unauthorized access prevention service system that includes a security server device that detects unauthorized access between a client device and an application server device and changes the connection destination of the client device from an application server device to a dummy server device when unauthorized access is detected. Is known (see Patent Document 1). In this unauthorized access prevention service system, in addition to the application server device, a security server device and a dummy server device for detecting unauthorized access between the client device and the application server device are provided independently, and the security server device is illegally accessed from the client device. When an access is detected, unauthorized access to the application server device is prohibited by transfer connection to the dummy server device.
JP 2002-41468 A

  However, in the conventional unauthorized access prevention service system, a dedicated system provided with three types of independent server devices having different functions, that is, a security server device, an application server device that executes a predetermined application program, and a dummy server device is constructed. There is a need to.

  In consideration of the above facts, the present invention provides a data management apparatus, a data management method, and a recording medium on which a data management program is recorded, which can easily manage a plurality of data such as a database with a simple configuration. With the goal.

  In order to achieve the above object, the data management apparatus of the present invention includes a plurality of storage units each storing a database having a predetermined structure in which a data group consisting of a plurality of fields for inputting data is a unit data record. A storage means for storing the data record, and a storage data record for generating dummy data different from normal data in at least one field of the data record and replacing the normal data with the dummy data Generating means for generating the data record.

  In the data management apparatus according to the present invention, the data record is stored by the storage means in a plurality of storage means each storing the database. The database has a predetermined structure in which a data group including a plurality of fields for inputting data is used as one unit data record. The generation means generates a storage data record in which regular data is replaced with dummy data. The dummy data is generated by the generation means so as to be different from the normal data in at least one field of the data record. Thus, in the data management device of the present invention, at least one field of the data record is replaced with dummy data and stored in each of the plurality of storage means, so the data record stored in the storage means is regular data It becomes different from the record, and it becomes difficult to obtain a regular data record from the storage means, and security can be improved. As described above, only by storing data records mixed with dummy data in each of a plurality of storage means, security can be improved, and there is no need to provide a dedicated server device, and a plurality of data in a database can be easily configured with a simple configuration. Can manage.

  The generating means includes setting means for setting different field positions for each of the storage means.

  When the position of a field to be replaced with dummy data is fixed, it may be easy to determine dummy data. Therefore, in the present invention, the setting means included in the generation means sets a different field position for each storage means as the position of the field to be replaced with dummy data. Thereby, dummy data can be arranged discretely. Therefore, it becomes difficult to determine dummy data, and security can be improved. Note that the total number of dummy data for the same field is preferably less than half of the total number of storage means.

  The generating means generates different dummy data for each of the storage means.

  When the value of the dummy data is fixed, the determination of the dummy data may be easy. Therefore, in the present invention, the generation unit generates different dummy data for each storage unit. Thereby, the value of dummy data can be made discrete. Therefore, it becomes difficult to determine dummy data, and security can be improved.

  The generating means generates dummy data according to a predetermined rule corresponding to each of the storage means.

  When unauthorized access is made, it is preferable to be able to specify which storage means is accessed. Therefore, in the present invention, it is possible to specify the storage means from the leaked data. Specifically, the generation unit generates dummy data according to a predetermined rule corresponding to each storage unit. According to this predetermined rule, it is possible to specify which storage means stores the dummy data from the dummy data. Therefore, for example, when database data is leaked due to unauthorized access by a third party, it is possible to specify from which storage means the database is leaked by dummy data included in the database.

  An acquisition unit that acquires the data record stored in each of the plurality of storage units, and a plurality of data records acquired by the acquisition unit, the most data included in the data group of the same field is stored in the field of the normal data It further comprises a data and a certification means for certification.

  The data management apparatus of the present invention further includes an acquisition unit and an authentication unit. The acquisition unit acquires a data record stored in each of the plurality of storage units. From the viewpoint of improving security, the dummy data preferably has, for example, discrete positions and values of fields to be replaced for each storage means. In this case, the data included most in the data group of the same field is The accuracy of regular data is high. Therefore, the certification means authorizes the largest number of data included in the data group of the same field as the data of the regular data field for the plurality of data records acquired by the acquisition means. As described above, since the data included most in the data group of the same field is recognized as the regular data, the regular data can be easily obtained.

  The data management apparatus of the present invention can be realized by executing the following data management method steps. Specifically, information is exchanged via a communication line to each of a plurality of storage means each storing a database having a predetermined structure in which a data group of a plurality of fields for inputting data is a unit data record. A management method for managing data in a computer, wherein the computer stores the data record in each of the storage means, and dummy data different from normal data in at least one field of the data record. And generating a storage data record in which the regular data is replaced with the dummy data as the data record.

  The data management apparatus of the present invention can be realized by executing a data management program for a recording medium on which the following data management program is recorded. Specifically, the step of storing the data record in each of a plurality of storage means each storing a database having a predetermined structure in which a data group consisting of a plurality of fields for inputting data is a unit data record. Generating a dummy data different from the normal data in at least one field of the data record and generating a storage data record in which the normal data is replaced with the dummy data as the data record. The data management program to be recorded is recorded.

  As described above, according to the present invention, the data record including the dummy data different from the regular data is generated and stored in each of the plurality of storage means. Therefore, a plurality of data such as a database can be stored with a simple configuration. There is an effect that it can be easily managed.

  Hereinafter, an example of implementation of the present invention will be described in detail with reference to the drawings.

[First Embodiment]
FIG. 1 shows a schematic configuration of a data management apparatus 10 according to the present embodiment. The data management apparatus 10 according to the present embodiment includes a plurality of (three in the present embodiment) general-purpose server apparatuses that can operate programs such as application programs independently and a client apparatus that is operated by a user. .

  In this embodiment, a database application program is used as the application program. The database used in the database application program will be described using an address book as an example.

  The structure of the database is a predetermined structure in which a data group composed of a plurality of data fields for inputting data is used as one unit data record. Specifically, the database according to the present embodiment has a predetermined structure in which a data group including four data fields of name, address, age, and occupation is used as one unit data record.

  The client device 20 is connected to the first server device 40A, the second server device 40B, and the third server device 40C through a communication line 58 so that data and commands can be transmitted and received. The connection between the client device 20 and the first to third server devices 40A, 40B, and 40C may be made only when the authentication device 50 authenticates.

  The client device 20 includes a CPU 22, a ROM 24, a RAM 26, and an I / O 30, which are connected so as to be able to exchange commands and data. Connected to the I / O 30 are a communication device 32, a display device 34 such as a monitor, an input device 36 such as a keyboard, and a memory 28 in which a program for executing a processing routine described later is stored in advance. The communication device 32 is for transmitting and receiving data and commands to and from the first to third server devices 40A, 40B, and 40C through the communication line 58.

  The first server device 40A includes a CPU 42A, a ROM 44A, a RAM 46A, and an I / O 50A, which are connected so as to be able to exchange commands and data. Connected to the I / O 50A are a communication device 52A for connecting to the client device 20, a memory 48A storing a database application program and the like, and a memory 54A storing a first database (first DB) 56A. . Since the second server device 40B and the third server device 40C have substantially the same configuration as the first server device 40A, detailed description thereof is omitted. The CPUs 42B and 42C correspond to the CPU 42A, the ROMs 44B and 44C correspond to the ROM 44A, the RAMs 46B and 46C correspond to the RAM 46A, the memories 48B and 48C correspond to the memory 48A, and the I / O 50B and 50C correspond to the I / O 50A. Correspondingly, the communication devices 52B and 52C correspond to the communication device 52A, and the memories 54B and 54C correspond to the memory 54A. The memory 54B stores a second database (second DB) 56B, and the memory 54C stores a third database (third DB) 56C. Note that general-purpose server devices can be used as the first to third server devices 40A, 40B, and 40C.

  In the present embodiment, three server devices connected to the client device 20 are configured. However, the number of server devices is not limited to this, and it is sufficient that four or more databases can be stored.

  Next, the operation of the present embodiment will be described.

(Overall processing)
In the data management apparatus 10 according to the present embodiment, after the power is turned on in the client apparatus 20, the main routine shown in FIG. In step 100, first, a predetermined number of databases and database setting values such as database names are read from the memory 28.

  In the next step 102, it is determined whether there is a built database, that is, whether the existing database is used or a new database is built. This determination may be performed based on an input value from the input device 36 of the client device 20 or may be automatically performed based on the presence / absence of the database name read in step 100. If it is determined that the database has not been constructed (negative determination), the process proceeds to step 104. In step 104, a new database construction process is executed. Although details of step 104 will be described later (FIG. 3), this is a process of setting the number and names of databases and constructing a new database.

  In the next step 106, the input value of the input device 36 is read to determine whether or not to end the present process. If the determination is affirmative, the present routine is ended. On the other hand, if the determination is negative, the process returns to step 100.

  On the other hand, if the database has been constructed and the determination in step 102 is affirmative, the process proceeds to step 108, and a process selection screen (not shown) for the user to select a process in the database is displayed on the display device 34. Along with this display, a process selected by any one of addition, update, reference, and others is read.

  In the next step 110, it is determined whether or not the read process is an additional process. In the case of an affirmative determination, the process proceeds to step 112, and after performing additional processing (FIG. 4) whose details will be described later, the process proceeds to step 106. Step 112 is a process for adding new data to the constructed database. On the other hand, if the determination in step 110 is negative, the process proceeds to step 114 to determine whether the read process is an update process. If the determination is affirmative, the process proceeds to step 116, and after performing an update process (FIG. 9), the details of which will be described later, the process proceeds to step 106. Step 116 is a process for rewriting (updating) the existing data in the constructed database with new data. On the other hand, if the determination in step 114 is negative, the process proceeds to step 118 to determine whether the read process is a reference process. In the case of an affirmative determination, the process proceeds to step 120, and after performing a reference process (FIG. 6) described later in detail, the process proceeds to step 106. Step 120 is a process for referring to the value of existing data in the constructed database. On the other hand, if the processing read in step 108 is other processing such as database maintenance other than addition, update, or reference, for example, if a negative determination is made in step 118, the processing proceeds to step 122, and other processing is executed. After that, the routine proceeds to step 106. If the result in step 106 is negative, this routine is repeated. If the result is affirmative, this routine is terminated.

(New construction process)
Next, the new construction process in step 104 will be described in detail. The new construction process is a process for setting a database structure or the like and newly constructing a database in which no data is stored.

  In the new construction process of step 104, the processing routine of FIG. 3 is executed. First, when a new construction process is executed, the process proceeds to step 200, where the number and names of databases are set. The number and names of the databases may be set by, for example, reading an input value input by the user using the input device 36 or reading a predetermined value from the memory 28.

  In the next step 202, the predetermined structure of the database, that is, the number and name of a plurality of data fields for inputting each data constituting one unit of data record is set. The number of data fields and the names may be set by, for example, reading an input value input by the user using the input device 36 or reading a predetermined value from the memory 28. In the present embodiment, four data fields of name, address, age, and occupation are read from the input values and set as data fields.

  In the next step 204, it is determined whether there are other settings. If there are no other settings, the process proceeds to step 206. In step 206, the server apparatus of each database set in step 200, here, the first to third server apparatuses 40A, 40B, and 40C are instructed to create a database by outputting the database structure, This process ends.

  On the other hand, if the determination in step 204 is affirmative, the process proceeds to step 208. In step 208, dummy data and the like are set. Here, the dummy data is set differently for each server device and each data field as the dummy data setting. For example, the dummy data may be set by reading an input value input by the user through the input device 36 or by reading a predetermined value from the memory 28. The set dummy data is stored in the memory 28. Thereafter, the process proceeds to step 206, where the creation of the database is instructed, and this process ends.

  As a result, the first server device 40A, the second server device 40B, and the third server device 40C receive the database creation instructions at the communication devices 52A, 52B, and 52C, respectively, and set the setting values set in step 200 and step 202. Corresponding databases are respectively created and stored in the memories 54A, 54B and 54C. Accordingly, the first database 56A created by the first server device 40A is stored in the memory 54A, and the second database 56B created by the second server device 40B is stored in the memory 54B. The third database 56C created by the server device 40C is stored in the memory 54C.

  Since the database is already constructed by this process, each process for the database will be described in detail below.

(Additional processing)
The adding process in step 110 is a process of adding a new data record to the constructed database. Here, the case where A's data record including Mr. A's name, address, age, and occupation data is added to the database constructed by the above new construction process will be described in detail with reference to FIGS. .

  In the additional processing of step 110, the processing routine of FIG. First, when the addition process is executed, the process proceeds to step 300, and the structure of the database such as the names of all data fields is displayed as an input screen (not shown).

  In the next step 302, the input values of the data in all data fields F in the data record R are read. Here, all data field values F (data fields 64, 66, 68, 69 in FIG. 5) in A's data record R (regular data record R in FIG. 5) are read.

  In the next step 304, the number of databases K = 3 set in the new construction process is read from the memory 28, and the process proceeds to step 306. In step 306, a data field for replacing the dummy data is determined and stored in the memory 28. The number of data fields that replace dummy data in the same data field is determined to be less than half of the number of databases. Here, since the number of databases K = 3, the number of data fields for replacing dummy data is one. Further, as a data field for replacing the name, a data field of the first database 56A, a data field of replacing the address, a data field of the second database 56B, and a data field of replacing the age of the third database 56C. The data field of the first database 56A is determined as the data field and the data field for replacing the occupation, and is stored in the memory 28. The data field for replacing the dummy data is not limited to this, but it is preferable to allocate a data field for replacing the dummy data so that all data fields do not become regular data in order to improve security.

  In the next step 308, the target database is set to the first database (first database 56A), and in the next step 310, dummy data of the data field determined in step 306 is generated. The dummy data is generated for each data field in the same format as the regular data. Here, a dummy name 64A corresponding to Mr. A's name 64 and a dummy occupation 69A corresponding to Mr. A's occupation 69 are read from the memory 28 and generated as dummy data.

  The dummy data may be generated so as to be different from the regular data without using different dummy data for each data field or different dummy data for each server device. However, if the dummy data is data that can be identified as dummy data, the identification becomes easy. Therefore, it is difficult to identify the dummy data itself by generating inconsistent dummy data that is indistinguishable from regular data in the same format as regular data for each data field.

  In the next step 312, an additional record R (1) is generated and stored in the memory 28. It is assumed that the additional record R (i) {1 ≦ i ≦ 3: number representing a database}. The additional record R (1) is generated by replacing the name of the read regular data record R and the regular data in the occupation data field with the dummy data generated in step 310. Through the processes in steps 306 to 312, the process for generating the additional record R (1) to be added to the first database 56A is completed.

  In the next step 314, it is determined whether or not the set database is the last database. If negative in step 314, proceed to step 316 to set the next database, return to step 310, repeat the process to generate an additional record R (2) for addition to the second database, and An additional record R (3) to be added to the third database is generated. The additional record R (2) has a structure in which the dummy address 66A corresponding to Mr. A's address 66 is replaced. In the additional record R (3), the dummy age 68C corresponding to Mr. A's age 68 is obtained. It becomes a substituted structure. In this way, additional records R (1), R (2), and R (3) in which a part of the data field is replaced from the regular data to the dummy data are generated and stored in the memory 28. It is affirmed at step 314, and the process proceeds from step 318 to add them to each database.

  In step 318, for each target server device (first server device 40A, second server device 40B, third server device 40C), each database (first database 56A, second database 56B, third database 56C). Send instructions to lock. The database is locked in order to prevent other users from accessing the database at the same time and adding data.

  In the next step 320, the first server device 40A = S (1) is set as the first server device S. It is assumed that the server device S (i) {1 ≦ i ≦ 3: a number representing the server device}. In the next step 322, a new record for registering the additional record R (1) is obtained from the first database 56A. Note that the record IDs included in the new record have the same value for the additional record R (1), the additional record R (2), and the additional record R (3). Here, (0001) is acquired as the record ID.

  In the next step 324, the additional record R (1) is read from the memory 28. In the next step 326, data is transmitted to the first server device 40A so that the additional record R (1) is added to the server S (1) as a new record with the record ID (0001).

  In the next step 328, whether or not the set server apparatus S is the last server apparatus, that is, whether or not data is transmitted so as to add an additional record as a new record to all the server apparatuses 40A, 40B, and 40C. Judging. If the result is NO in step 328, the process proceeds to step 330, the next server apparatus S is set, the process returns to step 322, and the process is repeated to add an additional record R (2) to the second server apparatus 40B = S (2). Data is transmitted so as to be added as a new record, and data is transmitted so that the additional record R (3) is added as a new record to the third server device 40C = S (3).

  In this way, when the data of the additional records R (1), R (2), and R (3) is transmitted to the first to third server devices 40A, 40B, and 40C, respectively, affirmative is obtained in step 328, and step 332 is performed. To the first to third server devices 40A, 40B, and 40C, an instruction is sent to release the lock of the first to third databases 56A, 56B, and 56C performed in step 318, and this process is performed. finish.

  As described above, the additional records R (1), R (2), and R (3) using the dummy data unique to the first to third server devices 40A, 40B, and 40C by the additional process of FIG. 112 (FIG. 4). Can be stored in the corresponding server device (database), the first database 54A has an additional record R (1), the second database 54B has an additional record R (2), and the third database In 54C, the additional record R (3) is added to the data record having the same record ID.

  Therefore, an additional record in which dummy data different from normal data in at least one data field of the normal data record R is generated and the normal data is replaced with dummy data in each of the first to third server devices 40A, 40B, and 40C. R can be added.

  Note that the processing of steps 304 to 316 of the present embodiment corresponds to the generation means of the present invention, the processing of step 30 corresponds to the setting means of the present invention, and the processing of steps 320 to 330 is the storage of the present invention. Corresponds to the means.

  As described above, in this embodiment, dummy data different from normal data in at least one data field of a data record is generated, and an additional record in which normal data is replaced with dummy data is generated and stored in a plurality of server devices. can do. Thereby, it becomes difficult to obtain a regular data record only from the data record stored in one server device, and security can be improved. For example, it is difficult to obtain a legitimate data record even if a third party illegally accesses any one of a plurality of server devices, refers to a database, or is stolen. , Improve security.

  In this embodiment, since dummy data is generated and stored in each database, a plurality of data in the database can be easily managed with a simple configuration. For example, data management has different functions. A complicated apparatus configuration such as providing a plurality of server apparatuses is not required. For example, general-purpose databases and server apparatuses can be used.

  Further, in the present embodiment, since the dummy data is data in the same format as the regular data, it is difficult to determine from only the dummy data that it is dummy data. For example, even if a third party illegally accesses the server device and references or steals the database, it is difficult for the third party to identify dummy data. It is possible to make it difficult to determine whether or not unauthorized access has failed. Therefore, security can be improved.

  Furthermore, in this embodiment, since different dummy data is stored for each server device, it is difficult to determine that the data is dummy data from a plurality of server devices. It is difficult for the three parties to determine that dummy data is included (unauthorized access has failed). Therefore, security can be improved.

  Furthermore, in the present embodiment, dummy data is determined and stored in advance so as to be different for each server device and each data field, and dummy data is generated based on this, so refer to the predetermined dummy data. As a result, the server device storing the dummy data can be identified from the dummy data. For example, if a database is leaked by a third party who has illegally accessed the server device, the dummy data contained in the leaked database can identify the server device from which the database has leaked. Useful for determining the route that was accessed.

(Reference processing)
The reference process in step 120 is a process of searching for desired data from a database and referring to it. Here, the case where Mr. A's name is searched and the address of Mr. A is referred to will be described in detail with reference to FIGS. FIG. 8 is an explanatory diagram of the reference process, and arrows in the figure indicate the flow of individual processes included in the reference process.

  In the reference process of step 120, the processing routine of FIG. First, when the reference process is executed, the process proceeds to step 400, a reference instruction screen (search target field and reference field input screen not shown) is displayed on the display device 34, and the process proceeds to step 402. In step 402, the value of the search target field, which is the input value, and the name of the reference field are read. Here, Mr. A's name (search target field) and address (reference field name) are read.

  A plurality of data records generated from the same data record by the addition process are stored with the same record ID. In the present embodiment, all data records corresponding to the same person are stored with the same record ID, and the data record of Mr. A is stored in the record ID (0001). Therefore, in the next step 404, the record ID is set to the first record ID and stored in the memory. In the next step 406, the majority data is extracted from the mixture of dummy data and regular data to extract regular data, and the search target field value (regular field value) in the set record ID is acquired. .

  Here, the majority process in step 406 will be described in detail. This process is a process for extracting regular data from data in which regular data and dummy data are mixed by majority vote.

  In the majority process of step 406, the processing routine of FIG. 7 is executed. First, when the majority process is executed, the process proceeds to step 500 to acquire the set record ID and the name of the search target field (name). In the next step 502, the database to be processed is set as the first database (first database 56A), and the process proceeds to step 504. In step 504, the set record ID (first record ID) is acquired from the memory 28, and the data record corresponding to the record ID is acquired from the set database. In the next step 506, the data of the search target field (name) is acquired from the acquired data record and stored in the memory 28. The processing from step 500 to step 506 corresponds to the processing 70 for searching by the name shown in FIG. Specifically, when the set record ID is 0001, a search is performed by name, a dummy name 64A is obtained from the first database 56A (process 70A in FIG. 8), and from the second database 56B. Mr. A's name 64 is acquired (process 70B in FIG. 8), and Mr. A's name 64 is acquired from the third database 56C (process 70C in FIG. 8), and each is stored in the memory 28.

  In the next step 508, it is determined whether the current database is the last database. If the determination is negative, the process proceeds to step 510, the next database is set, and the process returns to step 504. When the process for the last database is completed, the result in step 508 is affirmative and the process proceeds to step 512.

  In step 512, after executing the majority process for outputting the most data from the data of the search target field (name) stored in the memory 28, this routine is terminated. In the present embodiment, in the data group of the same field, there are more regular data than dummy data, so there is the most regular data. Here, since the name 64 of Mr. A is the largest, the name 64 of Mr. A is determined by the process (process 72 in FIG. 8) (value by the processes 72B and 72C shown by solid lines in FIG. 8), and is output. .

  When the majority process for the search target field is completed, the process proceeds to step 408 in FIG. In step 408, it is determined whether or not the data in the search target field output by the majority process matches the data in the search target field read in step 402. If the data do not match, the result is negative in step 408 and the process proceeds to step 410. In step 410, it is determined whether or not the current record ID is the last record ID. If the determination is negative, the next record ID is set in step 412 and then the process returns to step 406. In the case of the last record ID, an affirmative determination is made in step 410, an error process is performed in step 414, and the process is terminated. An example of error processing includes instructing the display device 34 to display an indication that the reference has failed.

  On the other hand, if the result in step 408 is affirmative, the process proceeds to step 416 to execute the majority process for the reference field.

  The reference field majority process in step 416 executes substantially the same process as the above-described majority process in step 406 to acquire reference field (address) data. The current record ID and reference field (address) are acquired (step 500), set in the first database (step 502), and the record corresponding to the record ID is acquired from the database (step 504, process 74 in FIG. 8). . In the next step 506, reference field (address) data is acquired from the acquired data record (process 76 in FIG. 8) and stored in the memory 28 (step 506). Specifically, referring to the address of record ID (0001), Mr. A's address 66 is obtained from Mr. A's record R (1) (process 76A in FIG. 8), and Mr. A's record R (2). The dummy address 66 is acquired from the record (process 76B in FIG. 8), and the address 66 of Mr. A is acquired from the record R (3) of Mr. A (process 76C in FIG. 8), and each is stored in the memory 28.

  In the next step 508, it is determined whether or not the current database is the last database. If not, the next database is set (step 510), and the process returns to step 504. When the process for the last database is completed (Yes in step 508), the process proceeds to step 512. In step 512, after executing the majority process for outputting the most data from the data of the reference field (address) stored in the memory 28, this routine is terminated. Here, since Mr. A's address 66 is the largest, Mr. A's address 66 is determined by the process (process 78 in FIG. 8) (value by the processes 78A and 78C indicated by solid lines in FIG. 8), and is output. Go to step 418.

  In step 418, the output reference field (address) data (Mr. A's address 66) is displayed on the display device 34, and the process is terminated.

  In addition, the process of step 504 of this Embodiment respond | corresponds to the acquisition means of this invention, and the process of step 406 respond | corresponds to the recognition means of this invention.

  As described above, in this embodiment, a data record is acquired from each of the server devices, the majority process is performed, and the most data is acquired as normal data. Therefore, the normal record in at least one field of the data record is acquired. Regular data can be obtained from a data record in which data is replaced with dummy data.

(Update process)
The update process in step 116 is a process of rewriting (updating) the data content of the data record stored in the database. Here, the case where Mr. A's address is updated to a new address will be described in detail with reference to FIG.

  The update process includes substantially the same process as the add process (FIG. 4) and the reference process (FIGS. 6 and 7), and therefore the same process is denoted by the same reference numeral and detailed description thereof is omitted. The difference between FIG. 6 and FIG. 9 is that step 400 is changed to step 800, step 402 is changed to step 802, and steps 416 and 418 are changed to step 804 update processing (steps 306 to 332 in FIG. 4). It has changed.

  In the update process of step 116, the processing routine of FIG. First, when the update process is executed, the process proceeds to step 800, where an instruction to display an update instruction screen (search target field and update field input screen, not shown) on the display device 34 is issued. In the next step 802, the input search target field data (Mr. A's name) and update target field data (Mr. A's address to be updated) are read. Next, the processing of steps 404 to 414 described above is performed. If the data of the search target field output by the majority process does not match the data of the search target field read in 802 even after searching up to the last record ID (No in step 408, positive in step 410), step 414 Error processing is performed, and this processing ends. On the other hand, if the data in the search target field output by the majority process matches the data in the search target field read in step 802 (Yes in step 408), the process proceeds to the update process in step 804.

  The update process in step 804 is a process of generating data of the update target field, here A's data record including the updated address of A, and storing it in the first to third databases 56A, 56B, and 56C. This process is substantially the same as steps 304 to 332 in FIG. The difference from Steps 304 to 332 in FIG. 4 is that the determination of the data field to replace the dummy data in Step 306 is determined as the update target field read in Step 802, and not the additional record R (i) in Step 312. , Update record R ′ (i) {1 ≦ i ≦ 3: number representing database} is added to existing additional record R (i) (here, existing additional records R (1) and R (2) of Mr. A) , R (3)) only the data in the update target field is generated by replacing the dummy data generated in step 310. In step 322, the record having the set record ID is acquired. In step 326, the server is acquired. The devices S (1), S (2), and S (3) are added to the existing databases of the first to third databases 56A, 56B, and 56C. Data and instructions are transmitted so that the records R (1), R (2), and R (3) are overwritten with the update records R ′ (1), R ′ (2), and R ′ (3), respectively. . When the process of step 332 ends, that is, when the update process 804 ends, this process ends.

  As described above, in this embodiment, a data record including regular data of a search target field is acquired, a data record in which the data of the update target field of the acquired data record is updated with new data is generated, and the existing data record is generated. Since the data is overwritten, the data in the existing data field can be updated.

  As described above, in the data management apparatus according to the present embodiment, at least one data field of the data record is replaced with dummy data and stored in each of the plurality of server apparatuses. Thus, it becomes difficult to obtain a regular data record from the server device, and security can be improved.

  As described above, in the data management apparatus according to the present embodiment, a data record mixed with dummy data is stored in each of a plurality of server apparatuses, so that a single database, for example, a regular data record in a server apparatus unit is stored. It is difficult to obtain. Therefore, it is difficult to grasp a legitimate one from a single database, and security against data leakage can be improved. Further, since each of the server devices stores a database composed of data records replaced with dummy data, there is no need to have a special structure or a special connection system configuration. Therefore, for example, a general-purpose server device that does not require a complicated device configuration such as providing a plurality of dedicated server devices having different functions can be used.

  In order to improve security, it is conceivable to encrypt data, but for that purpose, a dedicated and special configuration is required. On the other hand, in the data management apparatus of this embodiment, the regular data is replaced with dummy data and stored in a plurality of server apparatuses. And regular data are specified by majority vote from these several server apparatuses. In this way, the dummy data corresponding to the regular data is apparently stored, so that even if unauthorized access is made, the dummy data only flows out to an unintended third party on the database management side. For this reason, compared with the security improvement which performs encryption, in the data management apparatus of this Embodiment, the recognition that the security is given to the third party can be made difficult.

[Second Embodiment]
(Database repair)
In the present embodiment, if any of the first to third databases 56A, 56B, 56C constructed according to the first embodiment is damaged or stolen, the database is replaced. Is created based on the remaining database. Note that the processing of the present embodiment includes processing that is substantially the same as that of the first embodiment, and therefore the same portions are denoted by the same reference numerals and detailed description thereof is omitted.

  For example, if database maintenance is selected in the other processing of step 122 of the main routine (FIG. 2) of the above embodiment, the processing routine of FIG. In this process, regular data records are generated from the remaining database, and a process for generating data records in which some fields of the generated regular data records are replaced with dummy data is executed for all regular data records. Then, an alternative database is created by storing a data record including this dummy data. Therefore, when the record ID is set to the first record ID in step 900, the process proceeds to step 406, and the data of the regular data field is obtained by majority processing for the first data field. In the next step 902, the obtained regular data field is obtained. Are stored in the memory 28 as the value of the data field fi (i: the number of data fields). In the next step 904, it is determined whether or not the last data field is set. If negative, the process proceeds to step 906, the next data field is selected, the process returns to step 406, the majority process is performed, and the process of storing the acquired data fi of the regular data field is repeated. On the other hand, if the data fi of all regular data fields included in the data record of the set record ID is acquired and stored, the result in step 904 is affirmative and the process proceeds to step 908. Here, when f1 = name, f2 = address, f3 = age, and f4 = profession are acquired, the process proceeds to step 908. In step 908, a regular data record is generated from the field value fi stored in the memory 28 and stored in the memory 28 together with the set record ID.

  In the next step 910, it is determined whether or not the current record ID is the record ID of the last data record. If not, the process proceeds to step 912, the next record ID is selected, the process returns to step 406, the regular data field is acquired, and the process of generating and storing the regular data record is repeated.

  On the other hand, if the record ID of the last data record is determined (affirmative determination) in step 910, the process proceeds to step 914, where a partial registration process is performed, and then this process ends. The partial registration process in step 904 is a process for executing the processes in steps 304 to 332 in the additional process (FIG. 4) of the above embodiment with the number K of databases as 1.

  Thus, in this embodiment, regular data can be acquired based on the remaining database data, and only an alternative database can be created. Even if it becomes unusable due to damage or theft, a database that is an alternative to that database can be created based on the remaining database.

It is a block diagram which shows the main structures of the data management apparatus which concerns on 1st Embodiment of this invention. It is a flowchart which shows the flow of the main process performed with the data management apparatus which concerns on 1st Embodiment of this invention. It is a flowchart which shows the flow of the new construction process performed in 1st Embodiment of this invention. It is a flowchart which shows the flow of the additional process performed in 1st Embodiment of this invention. It is explanatory drawing for demonstrating the addition process performed in 1st Embodiment of this invention. It is a flowchart which shows the flow of the reference process performed in 1st Embodiment of this invention. It is a flowchart which shows the flow of the majority process performed in 1st Embodiment of this invention. It is explanatory drawing for demonstrating the reference process performed in 1st Embodiment of this invention. It is a flowchart which shows the flow of the update process performed in 1st Embodiment of this invention. It is a flowchart which shows the flow of the database restoration process performed with the data management apparatus which concerns on 2nd Embodiment of this invention.

Explanation of symbols

10 Data Management Device 20 Client Device 40A First Server Device 56A First Database 40B Second Server Device 56B Second Database 40C Third Server Device 56C Third Database

Claims (7)

Storage means for storing the data records in each of a plurality of storage means for storing databases each having a predetermined structure in which a data group consisting of a plurality of fields for inputting data is a unit data record;
Generating means for generating dummy data different from normal data in at least one field of the data record and generating a storage data record in which the normal data is replaced with the dummy data as the data record;
A data management device.   The data management apparatus according to claim 1, wherein the generation unit includes a setting unit that sets a position of a different field for each storage unit.   The data management apparatus according to claim 1, wherein the generation unit generates different dummy data for each of the storage units.   4. The data management apparatus according to claim 3, wherein the generation unit generates dummy data according to a predetermined rule corresponding to each of the storage units. An acquisition unit that acquires the data record stored in each of the plurality of storage units, and a plurality of data records acquired by the acquisition unit, the most data included in the data group of the same field is stored in the field of the normal data Data and certification means to certify;
The data management apparatus according to claim 1, further comprising: Data in a computer for transmitting / receiving information to / from each of a plurality of storage means each storing a database having a predetermined structure in which a data group consisting of a plurality of fields for inputting data is a unit data record. The computer stores the data records in each of the storage means; and
Generating dummy data different from normal data in at least one field of the data record and generating a storage data record in which the normal data is replaced with the dummy data as the data record;
Data management method to execute. Storing the data record in each of a plurality of storage means each storing a database of a predetermined structure in which a data group consisting of a plurality of fields for inputting data each is a unit data record;
Generating dummy data different from normal data in at least one field of the data record and generating a storage data record in which the normal data is replaced with the dummy data as the data record;
Recording medium on which a data management program is executed by a computer.

Images