JP2015059984A - Information concealing method in cloud computing - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an information concealing method in cloud computing.SOLUTION: A cloud portal system is configured such that when a task program makes a processing request to a database disposed in a cloud, a value included in the database processing request transmitted from the task program is encrypted by a secure gateway part of the cloud portal system interposed between the task program and the cloud, and that when the encrypted and accumulated data in the cloud are returned as a processing result, the data are decrypted and returned to the task program. Thus, it is possible to guarantee security without repairing the existing task program, and to safely use the cloud.

Description

  The present invention relates to an information concealment method in cloud computing.

  2. Description of the Related Art Conventionally, a public cloud service that is a cloud computing service and is used by an unspecified number of users has been provided by many companies. When using the public cloud service, the user does not need to be aware of maintenance work of the storage device, but can upload various data and download and use necessary files when necessary. Also, transaction processing that uses and processes such data is performed using public cloud services, thereby freeing from maintenance work such as database management software. Such public cloud services are used not only for personal use but also for companies and the like to manage customer data, sales data, and the like. Various technologies for further improving the convenience of such public cloud services have been disclosed.

  For example, Patent Document 1 discloses an SDP (Service Delivery Platform) that serves as an intermediary device when performing a series of cloud computing across a plurality of clouds as described above. Also, in Patent Document 2, the status of multiple clouds is determined, data is updated by avoiding the cloud in which an abnormality has occurred, and when recovered from the abnormality, the information on the normally updated cloud is restored to the cloud A service relay device that can be reflected in chronological order is disclosed.

JP 2011-182031 A JP 2012-203473 A

  However, in the configurations of Patent Document 1 and Patent Document 2 described above, when the cloud service provider is a third party, the data managed by the cloud remains in plain text, and in order to deposit information that should be kept confidential in the cloud It becomes a big problem, and companies that use the cloud need to use this risk with the convenience and balance of the cloud.

  Therefore, in the present invention, cloud computing enables data concealment in cloud computing, and can improve information security and prevent information leakage and data tampering without modifying existing business programs. The purpose is to provide an information concealment method in the Internet.

  An information concealment method in cloud computing according to the present invention includes a cloud provided with a database, a business program that makes a database processing request addressed to the cloud, and the cloud and the business program. A cloud computing system comprising: a cloud portal system, wherein the cloud portal system encrypts information included in a request addressed to the cloud from the business program; and the business from the cloud The decryption unit that decrypts the processing result to be returned to the program, and manages the encryption key and the decryption key. Sets whether to attempt encryption or decryption using a key or decryption key An encryption policy holding unit that selects and encrypts an encryption key to be used for the database processing request based on the encryption policy holding unit when the cloud database processing request is made from the business program. The encrypted database processing request is sent to the cloud, and when the processing result is returned from the cloud to the business program, the decryption key used for the processing result is based on the encryption policy holding unit. The decryption process result is returned to the business program after being selected and decrypted.

  According to the present invention, it is possible to encrypt a database processing request sent from a business program via a cloud portal system between the business program and the cloud, and process data stored in the cloud after being encrypted. When returned as a result, it can be decrypted and returned to the business program, so that the information stored in the cloud can be concealed without securing security on the business program side.

It is a block diagram which shows the structure of the cloud portal system in the Example of this invention. It is a block diagram which shows the structure of a queue gateway part same as the above. It is a block diagram which shows a structure of a transaction gateway part same as the above. It is a block diagram which shows a structure of a secure gateway part same as the above. It is a flowchart which shows operation | movement of a database update process request part same as the above. It is a flowchart which shows operation | movement of a commit process part same as the above. It is a flowchart which shows operation | movement of a real-time processing part same as the above. It is a flowchart which shows operation | movement of a delay processing part same as the above. It is a flowchart which shows operation | movement of a delay processing part same as the above. It is a flowchart which shows operation | movement of a delay processing part same as the above. It is a flowchart which shows operation | movement of a delay processing part same as the above. It is explanatory drawing which shows an example of a delay processing policy same as the above. It is explanatory drawing which shows an example of a delay processing script same as the above. It is explanatory drawing which compares the conventional secure data center and the secure data center which comprised the secure gateway part same as the above. It is explanatory drawing which shows the structure of a process waiting queue same as the above. FIG. 4 is an explanatory diagram showing a relationship between a processing unit list created as a pointer to a processing request to be processed in a delay processing script and a processing queue. It is explanatory drawing which shows the processing content of the business program A by a pseudo program code.

  The form for implementing this invention is demonstrated below. Of course, it is needless to say that the present invention can be easily applied to configurations other than those described in the present embodiment without departing from the spirit of the invention.

  The present embodiment will be described with reference to FIGS. In this embodiment, the number of public cloud services to be used is assumed to be 2 for the sake of simplicity.

  The operator 300 uses the databases PD1 and PD2 included in the public cloud services (hereinafter simply referred to as public clouds) P1 and P2 via the secure data center 100. The secure data center 100 includes a cloud portal system 200 and business programs a1 and a2 for business operators 300. The business operators 300 access the business programs a1 and a2 and make public via the cloud portal system 200. Clouds P1 and P2 are used.

  The cloud portal system 200 includes a request reception / result return unit 210 that receives a processing request addressed to a public cloud from a business program and returns a processing result from the public cloud, and queue management of a processing request addressed to the public cloud from the business program Queue gateway unit 220 having the function of the above, transaction gateway unit 230 having a function of executing a series of a plurality of processing requests including database updates of a plurality of public clouds as a unit (global transaction) of the processing request, the encrypted The secure gateway unit 240, which is responsible for decrypting the received information from the public cloud, sends a processing request addressed to the public cloud from the business program to the public cloud. Request sending / result receiving unit 250 having a function of receiving the result of the processing request from a five configurations by increasing the classification above.

  The queue gateway unit 220 will be described in detail. The queue gateway unit 220 is responsible for queue management of processing requests addressed to a public cloud from a business program, thereby allowing delay processing, batch processing, and batch processing when real-time processing of processing requests is impossible in the public cloud. This makes it possible to realize global transaction processing described later. As shown in FIG. 2, the queue gateway unit 220 includes a real-time processing unit 221, a processing queue holding unit 222, a delay processing unit 223, and a delay processing policy holding unit 224.

  The real-time processing unit 221 executes a processing request addressed to a public cloud from a business program. When executing this processing request, if the execution of the processing cannot be completed for some reason, the request is incorporated as an element in the processing queue prepared for each public cloud, and a delay processing script is created according to the delay processing policy described later Further, a setting for starting a later-described delay processing unit is performed according to the delay processing script.

  The processing queue holding unit 222 is for accumulating processing queues (222a, 222b,...) Provided for each public cloud. The processing queue is a queue that stores processing requests addressed to each public cloud from the business program.

The structure of the processing queues 222a and 222b held in the processing queue holding unit 222 is as shown in FIG. A function for arranging the database update processing requests addressed to the public cloud P1 or P2 in order of acceptance by the real-time processing unit 221 of each business program or the queue gateway unit 220, and the elapsed time according to the retry interval of the delay processing policy or the delay processing script And a function to send the message to the public cloud when it arrives, and a function to delete the corresponding queue element from the processing queue in response to a queue element deletion instruction from the delay processing unit 223.
In each queue element, specific contents of the database update processing request (for example, an SQL statement or a data file) are stored as queue elements.

  The delay processing unit 223 is activated by a call from the inside of the cloud portal system 200 or a preset timer expiration as a trigger, and is incorporated into a processing waiting queue such as request re-sending due to a failure according to the delay processing script described above. Responsible for delay processing for elements (that is, processing requests) and deletion processing of incorporated elements from the processing queue. This function is also used for batch processing of elements for which batch processing is specified such as daily batch, and for global transaction processing described later.

  The delay processing policy holding unit 224 stores a delay processing policy for each business program. The delay processing policy is defined in advance for each business program, and describes what to do when the public cloud that is the destination of the processing request is unavailable or the database update processing fails due to some reason. 12 has a data structure as shown in FIG. The “batch processing option” is a set value such as the right or wrong of batch processing of a plurality of requests addressed to the public cloud, and delay processing or rollback and error return when processing fails. The “retry count” is a set value of the retry count when the process fails. If 0 is specified, an error is returned immediately without retrying. The “retry interval” is a setting value of an interval for retrying, that is, a waiting time until retrying, and the unit is seconds. The “request destination change timing” is a threshold value of the number of trials when changing the processing destination public cloud when the processing fails even if a predetermined number of retries are performed. When 1 is set as the request destination change timing, the request destination is immediately changed when the processing fails. In “request destination after change”, an identifier for uniquely specifying another public cloud when the number of processing retries reaches the threshold set in the request destination change timing is set.

  The transaction gateway unit 230 will be described in detail. As shown in FIG. 3, when there is a processing request as a global transaction from the business program, the transaction gateway unit 230 executes a database update request addressed to a plurality of public clouds as one processing unit (global transaction). The transaction gateway unit 230 can designate either rollback or delayed commit as a handling when a global transaction is not established for each global transaction. The transaction gateway unit 230 includes a database update request processing unit 231 and a commit processing unit 232.

  The database update request processing unit 231 transmits a database update request from the business program to the real-time processing unit 221 included in the queue gateway unit 220 described above. In addition, the commit processing unit 232 performs processing for determining a processing request sent to the public cloud via the database update request processing unit 231.

  The secure gateway unit 240 will be described in detail. As shown in FIG. 4, the secure gateway unit 240 includes an encryption unit 241 that encrypts information to be concealed, a decryption unit 242 that decrypts encrypted information transmitted from the public cloud, and It comprises an encryption policy set in advance for each business program, and encryption / decryption information holding units 243a and 243b in which encryption keys and decryption keys registered in advance are recorded. The encryption policy describes what information from which business program is encrypted and how encryption is not performed.

  Next, the operation of the real-time processing unit 221 included in the queue gateway unit 220 will be described with reference to FIG. Upon receiving the database update request from the business program, the database update request processing unit 231 activates the real-time processing unit 221 using the database update request as a parameter. At that time, the real-time processing unit 221 acquires a delay processing policy (S701). This delay processing policy may be read in advance, or may be configured so that the database update request processing unit 231 passes it as a parameter. It is determined whether “collective processing” is specified in the acquired delay processing policy (S702). If the batch processing is not designated, it is assumed that the database update is requested immediately, and a database update request is sent to the request sending / result receiving unit 250 to the public cloud that is the destination of the database update request (S703). . It is determined whether or not the database update request is correctly received on the public cloud side and the update process is successful (S704). If the update process is successful, the database update request processing unit 231 receives the result and updates it. Notify the success of the process and end the process. If the update process has failed, the database update request is transferred as a queue element to a process queue corresponding to the update destination public cloud (S705). Subsequently, a later-described delay processing script is created according to the delay processing policy (S706), and a start timer for the delay processing unit 223 is set according to the delay processing script (S707).

  If there is a batch processing designation in the database update processing request (step S702 YES), it is searched whether or not a delay processing script corresponding to the batch processing has been created, and if it has not been created (S708 YES), a delay processing policy A delay processing script for batch processing is created according to (S709). After creation or completion of creation, the database update request is transferred to a processing queue corresponding to the update destination public cloud as a queue element (S710). In addition, a pointer indicating the queue element incorporated into the processing queue is added to the end of the processing unit list of the delay processing script (S711).

  The delay processing script will be described in detail below. The data structure of the delay processing script is shown in FIG. The delay processing script is a script that stores information necessary for schedule management of delay processing when the real-time processing unit 221 does not update or cannot update in real time. The “remaining retry count” is the initial value of the delay policy retry count, and is decremented by 1 each time a retry is performed. “Retry interval” is synonymous with that of the delay processing policy, and stores a waiting time until the update processing fails and the next retry is performed. The activation timer of the delay processing unit 223 is set according to the retry interval. “Residual retry count until request destination change” is initially set to “request destination change timing” of the delay processing policy as an initial value, and is decremented by 1 each time a retry is performed in the same manner as “remaining retry count”. . “Changed request destination” has the same value as “Deferred request destination” in the delay processing policy, and when the public cloud corresponding to the identifier is assigned and the request destination change timing becomes 0, the destination of the database update processing request is changed Change to the previous public cloud. “Pointer to processing request subject to delay processing” stores a pointer indicating where the database update processing request stored as a queue element is located in the processing waiting queue. By referring to this pointer, delay processing is performed. It is possible to uniquely specify a database update processing request for performing delay processing by a script.

  Note that a “processing unit list” can be stored in the “pointer to the processing request subject to delay processing”. The “processing unit list” is a list for handling a plurality of database update processing requests as one transaction, and stores pointers to a plurality of queue elements (that is, database update processing requests) as a list. For example, when a plurality of database update processing requests designated to be updated in daily batch processing are made, a plurality of databases for which “batch processing designation” is made according to the flowchart showing the operation of the real-time processing unit 221 described above. The same delay processing script for batch processing is assigned to the update processing request, and the batch processing specification is specified in the “processing unit list” stored in the “pointer to the processing request of the delay processing target” of the delay processing script. The pointers to the queue elements that store the database update processing requests that have been performed are sequentially added.

  Next, the operation of the delay processing unit 223 will be described with reference to FIGS. A delay processing policy is acquired (S801). As with the real-time processing unit 221, any means can be used as long as the delay processing policy can be read out using appropriate means such as reading out the delay processing policy from a storage unit and passing it as a parameter. It is determined whether or not “collective processing” of the delay processing policy is designated (S802). If “collective processing” is not designated (NO in S802), a delay processing script is acquired (S803). According to the delay processing script, send the request / receive the result so that the database update request stored in the queue element in the queue for processing indicated by the “pointer to the processing request for delay processing” is sent to the update destination public cloud. The unit 250 is instructed (S804). At this time, if the “request destination change timing” is 0, the update destination public cloud is changed according to the identifier stored in “request destination after change”. The request sending / result receiving unit 250 receives the success / failure of the update from the update destination public cloud and determines the success / failure of the update process. If the update process is unsuccessful (NO in S805), the “retry count” and “request” The “first change timing” is subtracted (S806), the activation timer of the delay processing unit 223 is set according to the “retry interval” of the delay processing script, and the process is terminated (S807). When the public cloud update processing is successful (S805), the pointer to the processing queue stored in “Pointer to processing request subject to delay processing” is referred to, and the corresponding queue element is deleted from the processing queue ( S808), the delay processing script is deleted, and the processing is terminated (S809).

  The processing when batch processing is designated in the delay processing policy in step S802 (S802: YES) will be described with reference to FIG. A delay processing script is acquired (S901), a processing unit list stored in “pointer to processing request for delay processing” is read, and the head data is selected (S902). It is determined whether or not the processing unit list is at the end (S903). If the processing unit list is not at the end, it is determined that the processing unit list has not been processed, and the database update processing request stored in the queue element of the processing waiting queue indicated by the selected pointer is The request sending / result receiving unit 250 is instructed to send to the public cloud in accordance with the delay processing script (S904). When the update processing success from the public cloud is notified and the request sending / result receiving unit 250 receives this (S905 YES), the pointer of the processing unit list is updated to the next data (S906), and the processing unit list thereafter. Steps S903 to S906 are repeated until is terminated.

  Next, the operation when the processing unit list is at the end (YES in step S903) will be described with reference to FIG. The top data in the processing unit list is selected again (S1001). It is determined whether or not the processing unit list is at the end. If the processing unit list is not at the end (NO in S1002), it is determined that the processing unit list has not been processed, and the database update processing request stored in the queue element of the processing waiting queue indicated by the selected pointer The request sending / result receiving unit 250 is instructed to send the commit request to the public cloud that is the destination of the database update processing request (S1003). The queue element that stores the database update request that sent the commit instruction is deleted from the processing queue (S1004). When this is repeated and the processing unit list ends (S1002 YES), the delay processing script is deleted and the processing is terminated (S1005).

  Subsequently, an operation when the update process has failed (NO in step S905) will be described with reference to FIG. Rollback processing is performed for all database update processing requests that have been successfully updated (S1101). If the batch processing option of the delay processing policy is 2, that is, “if batch processing and batch processing is impossible, retry according to the policy” is determined. If it is not 2 (NO in step S1102), the processing unit list is referred to. All the queue elements pointed to by the processing unit list are collectively deleted from the processing queue (S1103), the delay processing script is deleted, and the processing is terminated (S1104). If the batch processing option of the delay processing policy is 2 (YES in step S1102), the “retry count” and “request destination change timing” of the delay processing script are subtracted (S1105), and according to the “retry interval” of the delay processing script. The activation timer of the delay processing unit 223 is set and the process is terminated (S1106).

  Next, the operation of the cloud portal system when updating the public cloud from a business program will be described. FIG. 17 shows the specific processing contents of the business program A that makes a plurality of update requests expressed as pseudo program codes. The business program A first declares the processing as a global transaction in order to make a plurality of updates into a single processing. Thereafter, the update request of the database PD1 of the public cloud P1 and the update request of the database PD2 of the public cloud P2 are performed twice, the commit process is performed on these four update requests, and the program is terminated. Yes.

  First, the start of a global transaction is declared. At this time, the request reception / result return unit 210 receives a processing request from the business program A, and based on this, the database update request processing unit 231 of the transaction gateway unit 230 generates a delay processing script for the global transaction.

  Subsequently, the business program A makes an update request for each of the public cloud databases PD1 and PD2. Each of the four database update requests is processed by the real-time processing unit 221 of the queue gateway unit 220 via the database update request processing unit 231 of the transaction gateway unit 230 based on the route with batch processing designation in the flowchart of FIG. The queue is stored as a queue element in the processing queue holding unit 222a or 222b corresponding to the public cloud that is the destination of the update request. Further, the real-time processing unit 221 updates the delay processing script for the global transaction. A “processing unit list”, which is a pointer list to queue elements conceptually shown in FIG. 16, is created and stored in “pointer to processing request for delay processing” of the completed delay processing script.

  Subsequently, commit processing is performed. Thereafter, when all of the above four update requests have succeeded and the database update has been successfully completed (case 1), the partial update process has failed and “Process Cancel” is specified in the delay policy of the business program A A case (case 2) in which a partial update process has failed and “delay commit (retry at a fixed time interval)” is specified in the delay policy of the business program A will be described.

  First, Case 1 in which all the four update requests have succeeded and the database update has been completed correctly will be described. The request acceptance / result return unit 210 accepts the end declaration of the global transaction from the business program A, and the commit processing unit 232 of the transaction gateway unit 230 activates the delay processing unit 223 and performs processing according to the flowcharts shown in FIGS. Do. That is, for the delay processing unit 223 of the queue gateway unit 220, a database that is a queue element indicated by a pointer stored as a processing unit list in the “pointer to processing request to be delayed” of the delay processing script for the global transaction. An instruction is sent to send all update processing requests to the corresponding public cloud, and the request sending / result receiving unit 250 sends this, and receives notification from the public cloud that all update processing has been successful, In response to this, the delay processing unit 223 deletes all queue elements related to the global transaction from the queue for processing, and deletes the corresponding delay processing script. Processing is performed by the procedure as described above.

  Next, a case 2 in which the partial update process has failed and “1: batch processing is performed and all processing is rolled back when batch processing cannot be performed” is specified in the delay processing policy of the business program A will be described. To do. Similar to the above success example, the request acceptance / result return unit 210 accepts the end declaration of the global transaction from the business program A, and the delay processing unit 223 of the queue gateway unit 220 receives the delay processing script for the global transaction. The request sending / result receiving unit 250 instructs to send a database update request as a queue element corresponding to the pointer indicated by the processing unit list stored in “pointer to processing request subject to delay processing” to the public cloud. Send this out. At this time, it is assumed that the last one update process among the four updates to the public cloud has failed for some reason. At this time, the subsequent processing is performed according to the NO route for success / failure determination in step S905 of the flowchart of FIG. 9, that is, the flowchart of FIG. First, the delay processing unit 223 is requested to roll back the database of each public cloud in order to cancel the three successful update processes. Subsequently, since “1” is specified in the delay processing policy, the determination of the delay commit specification in step S1102 becomes the route of NO, and all database update processing requests related to the global transaction are deleted from the processing queue. , Delete the corresponding delay processing script. As described above, even if there are some successful update processes in the global transaction process that are addressed to multiple public clouds, even one of the other update processes in the same global transaction fails to be updated. If you do, everything will be rolled back.

  Next, a case 3 in which the partial update process fails and the delay processing policy of the business program A is designated as “2: batch processing and retry when the batch processing is impossible” will be described. Similar to the above example, the fourth update process, that is, the update to the database PD2 of the private cloud P2 is assumed to have failed. The same processing as in case 2 is performed until the determination in step S1102 of the flowchart of FIG. Since “2” is specified in the delay processing policy, the determination of the delay commit specification in step S1102 is a route of YES. According to the delay processing script, an unexecuted update request stored as a queue element related to the global transaction from the processing queue corresponding to each public cloud held in the processing queue holding units 242a and 242b, in this case, the fourth The pointer of the queue element corresponding to the update request to the database PD2 of the private cloud P2 is updated to “delay processing target pointer” in the delay processing script as the processing unit list, and the remaining retry count of the delay processing script is set. The timer is set so as to start the delay processing unit 223 in accordance with the set value stored in the retry interval. Of course, if “request destination after change” is set, “remaining retry count until request destination change” is also subtracted.

  As a result, the failed fourth update request can be retried, and if the update is successful as a result of the retry, the global transaction is transferred from the processing queue of the processing queue holding units 222a and 222b to the relevant global transaction as in the case 1. Delete all the related queue elements and delete the delay processing script. If the update process fails as a result of the retry and the number of times reaches the “retry count” set in the delay processing script, the three successful updates to the delay processing unit 223 are performed as in the case 2. In order to cancel the processing, the public cloud database is requested to be rolled back, all the queue elements related to the global transaction are deleted from the processing queue, and the corresponding delay processing script is deleted.

  Next, the operation of the secure gateway unit will be described. As shown in FIG. 14 (a), since the business program before using the public cloud service is composed of a processing system and a database provided on a closed network, each processing request is returned. Results are exchanged in clear text. If the public cloud is used to manage the data used in the business program as shown in FIG. 14B, the business program entrusts its security policy and security measures to the encryption function provided in advance in the public cloud processing system. It will be. Often, public cloud security policies and security measures are not clearly visualized, and users do not need to conceal them in accordance with public cloud security policies when using public cloud business programs. It is necessary to configure such that only good information is stored in the public cloud and information that should be kept secret is stored separately in a secure data center. However, in order to do so, it is necessary to restructure the business program to access two or more databases having different security policies, and it is necessary to classify which information is managed in which database. A large-scale business program requires a large amount of man-hours to perform such work, which is a major obstacle to using a public cloud in the business program. However, for business programs, for example, there are immeasurable benefits of a public cloud that has strong merits in maintaining data, such as data corruption in the event of a failure, and ease of access from terminals deployed in large areas. .

  Therefore, in this embodiment, as shown in FIGS. 1 and 4, a secure gateway unit 240 is provided in the cloud portal system 200 of the secure data center 100 arranged between the business program A and the public clouds P1 and P2, and the business program A value that is a plaintext for which an update request is made from A is encrypted by the encryption unit 241, a database update request is generated by the encrypted value, and the databases PD 1 and PD 2 of the public clouds P 1 and P 2 are updated. To do. Further, an encrypted value is acquired from the public cloud database PD1 or PD2 in response to a request from the business program A, decrypted via the decryption unit 242, and a plaintext value is returned to the business program A. At that time, the encryption policy holding units 243a, 243b,... Are provided for each business program, and the encryption and decryption policies, the encryption key, and the decryption key are individually set and registered for each business program.

  By configuring in this way, as shown in FIG. 14C, the business program is encrypted in the public cloud after encryption according to the security policy specific to the business program without special modification. It can be registered and can be easily decrypted when an encrypted value is obtained from the public cloud. Also, encryption / decryption policies, encryption keys, and decryption keys can be set for each business program. For example, business programs with different security policies can be managed by the same cloud portal system and public Enable cloud usage. Therefore, even if the business programs of a plurality of business operators are operated in the secure data center 100, it is possible to apply individual security policies for each business operator and for each business program.

  According to the cloud portal system as described above, even when using a public cloud service that is open to the public, data transmitted to the public cloud service side that needs to be kept confidential Is encrypted and transmitted, and when the encrypted data is received, it is decrypted and received by the cloud portal system, so the user can do it without being aware of the encryption and decryption of the data. In addition, reliability can be significantly improved while ensuring the convenience of public cloud services.

  In addition, even when a processing request from a business program fails for some reason, the update processing can be automatically retried by the update request retry function by the delay processing unit, thereby improving convenience. be able to.

  Furthermore, even in cases where cloud computing is required to update multiple public cloud services in a batch process, the success or failure of updating to an individual public cloud service is determined by human operation, etc. This eliminates the need for global transaction processing and improves the convenience and reliability of the system.

  The cloud portal system 100 described above is provided with a separate storage unit, and mirroring the public cloud by updating the same content as the update content to the public cloud to the storage unit, or all data periodically from the public cloud It is also possible to further improve the robustness and reliability of the cloud portal system 100 by configuring so as to be a backup by acquiring and storing it in the storage unit.

  As mentioned above, although the Example of this invention was explained in full detail, this invention is not limited to the said Example, A various deformation | transformation implementation is possible within the range of the summary of this invention. For example, the business program has been described as one type of A and the public cloud service as two types of P1 and P2. However, the present invention is not limited to this, and it is assumed that a plurality of business programs and public cloud services are used in combination. There is no problem, and the number of business programs and the number of public clouds can be changed arbitrarily. The delay processing policy and the delay processing script are not limited to those shown in FIGS. 12 and 13 and may be set as appropriate in consideration of convenience and the like. In addition, the queue gateway unit 220 responsible for delay processing, the transaction gateway unit 230 responsible for the global transaction function, and the secure gateway unit 240 responsible for the encryption / decryption function can be used individually, and in any combination Needless to say, it can also be used. For example, if you want to encrypt one or more files and register them in the public cloud service, you only need to use the secure gateway unit 240. If you want to automate retries if registration fails, queue What is necessary is just to set so that the gateway part 220 may be used, and also in the update addressed to a plurality of public clouds using a global transaction, the processing of the queue gateway part 220 and the transaction gateway part 230 is performed via the secure gateway part 240. By doing so, update processing can be performed with automatically encrypted data for multiple public clouds, and decryption can be completed before returning the processing result to the business program, Specialized on business program side Consciousness without, it is possible to realize a high degree of security.

100 Secure Data Center A Business Program 200 Cloud Portal System 210 Request Acceptance / Result Return Unit 220 Queue Gateway Unit 221 Processing Queue Creation Unit 222a, b Processing Queue Holding Unit 223 Delay Processing Unit 224a, b Delay Processing Policy Holding Unit 230 Transaction Gateway unit 231 Database (DB) update processing request unit 232 Commit processing unit 240 Secure gateway unit 241 Encryption unit 242 Decryption unit 243a, b Encryption / decryption information holding unit 250 Request transmission / result reception unit P1, P2 Public cloud Service PS1, PS2 Processing System PD1, PD2 Database

Claims (1)

A cloud with a database,
A business program that makes database processing requests to the cloud;
A cloud portal system that intervenes between the cloud and the business program and communicates with both;
A cloud computing system comprising:
The cloud portal system
An encryption unit for encrypting information included in the request addressed to the cloud from the business program;
A decryption unit for decrypting a processing result to be returned to the business program from the cloud;
Manages the encryption key and decryption key, and attempts to encrypt or decrypt the processing request addressed to the cloud and the processing result from the cloud using any encryption key or decryption key. An encryption policy holding unit for setting whether to perform,
When the cloud database processing request is made from the business program, the encryption key used for the database processing request is selected and encrypted based on the encryption policy holding unit, and then encrypted to the cloud. Send database processing request,
When a processing result is returned from the cloud to the business program, a decryption key used for the processing result is selected and decrypted based on the encryption policy holding unit, and then decrypted into the business program An information concealment method in cloud computing, which is configured to return results.

Images