JP4860779B1 - Distributed data storage system - Google Patents

Abstract

Distributed data storage that secures security to prevent unauthorized acquisition of partial data between each data center by distributing and storing a plurality of partial data generated from important data by secret sharing technology to a plurality of data centers Provide a system.
Each server has a data storage unit for storing partial data received from a client terminal, and the client terminal restores important data unless k or more are collected from the important data by a secret sharing technique. A division processing unit 310 that generates n (k ≦ n) partial data that cannot be performed, and m pieces (k ≦ m ≦ n) for storing n pieces of partial data in n servers 100 and restoring important data ) From the m servers 100 and a restoration processing unit 330 that restores the important data from the m partial data by the secret sharing technique.
[Selection] Figure 1

Description

  The present invention relates to electronic data storage technology, and more particularly to a technology effective when applied to a data distributed storage system that generates a plurality of non-critical data from important data by secret sharing technology and distributes and stores the data at a plurality of locations. is there.

  A company having an information system needs to take measures to protect important data such as highly confidential data in order to prevent an information security accident such as information leakage. On the other hand, various means for realizing these have been proposed.

  As a means for protecting important data, for example, it is conceivable that a company or the like stores important data in a data center where multiple security measures are taken. However, the construction and operation of a private data center that can be accessed from the outside requires a great load in terms of technology and cost, and cannot be easily realized.

  On the other hand, it is also possible to use a data center that is operated by a third party and provided as a service to the outside. However, storing important company data in a data center operated and managed by a third party involves a high security risk. In addition, storing important data in virtual data centers and virtual servers in cloud computing environments that have been increasingly used in recent years is extremely risky. Using it for construction is also one of the reasons why it is not popular.

  On the other hand, when important data is stored, the data is concealed or stored by taking measures to prevent tampering. In general, important data is encrypted and stored using an encryption key. In this case, the encrypted data includes all important data information. Therefore, for example, when encrypted data is acquired by a third party, important data is easily restored when the encryption key is also acquired and decrypted by the third party for some reason. Even if the encryption key is not acquired, since the encryption key has a finite length, theoretically, there is a possibility that important data may be restored from the encrypted data after a finite number of trials.

  On the other hand, a so-called secret sharing technique is also used as a method for strongly concealing important data. In secret sharing, important data is divided into non-important data that cannot be used by itself (important data cannot be recovered or guessed). Even if some non-important data is obtained by a third party, It is theoretically impossible to restore important data by a third party.

  Various secret sharing techniques have been proposed. For example, in Japanese Patent No. 4039810 (Patent Document 1), two or more information blocks are obtained by dividing an electronic information file into a plurality of information elements, selecting the divided information elements, and combining them in a different order. In this case, an information block that does not include all information elements unless all the information blocks are integrated is generated, and division information relating to the method divided into information elements and formation information relating to the method generating the information block A technology that secures the security of electronic information by generating divided extracted data that records information, storing at least one of each information block and divided extracted data in a certification authority, and separately storing the other separately Is disclosed.

  On the other hand, as a secret sharing technique that can restore important data if you collect more than a predetermined number of non-important data and information blocks corresponding to important data (sometimes referred to as “partial data” below) For example, a (k, n) threshold secret sharing method using polynomial interpolation as described in Non-Patent Document 1 has been conventionally used. According to this method, important data can be restored by collecting at least k pieces (k ≦ n) of n pieces of partial data. Various threshold secret sharing methods that further improve this method have also been proposed.

  In relation to this, for example, in JP 2009-139990 A (Patent Document 2), the data stored in the storage device is converted into a secret sharing method that requires a reference number of partial data at the time of restoration. When dividing data into a predetermined number of partial data equal to or greater than the reference number, a transmission unit that transmits partial data to another information processing device and deletes the partial data from the storage device, An information processing apparatus including an acquisition unit that acquires partial data from an information processing device and stores the partial data in a storage device, and a restoration unit that restores data on condition that a reference number of partial data is stored in the storage device is disclosed. ing.

Patent No. 4039810 JP 2009-139990 A

A. Shamir, "How to Share a Secret", Communications of the ACM, vol.22 no.11 pp.612-613, 1979.

  In recent years, as portable information processing terminals such as notebook PCs (Personal Computers) are widely used, there is an increased risk of information leakage due to theft or loss of these terminals themselves. For example, in a company that handles personal information or the like, if an employee or the like loses these terminals, a report or report to a supervisory authority may be required. However, in the past, the actual information leakage range could not be specified in most cases, and when it was lost, all data had to be reported as leaked or possibly.

  On the other hand, it is conceivable to reduce the risk of information leakage due to loss of the terminal by storing data including important data in the terminal in an external server or the like. At this time, the important data is not stored in an external server or the like as it is, for example, using the secret sharing technique described above, the important data is divided / distributed into non-important data to obtain partial data, which is By storing in a distributed manner on a server or the like, for example, the risk of information leakage can be reduced even when storing in a virtual data center or a virtual server in a cloud computing environment.

  In other words, partial data distributed and stored in each data center or the like does not make sense by itself, and the contents of important data cannot be restored or estimated from only the partial data. Therefore, not only the third party who illegally invaded the data center or server and acquired the partial data, but also, for example, an insider such as an administrator of each data center acquired the partial data maliciously. Even in this case, it is possible to prevent a situation in which the content of important data is leaked from the acquired partial data.

  Here, when considering a system configuration in which partial data is distributed and stored in a plurality of data centers, etc., it is usually necessary for a user to perform user authentication individually for each data center. This process is complicated, and there is a concern that the business efficiency is lowered. On the other hand, a so-called single that enables a user to access a plurality of data centers or servers that require user authentication without performing individual authentication procedures by performing authentication once. Sign-on technology is used.

  As a technique for realizing a single sign-on environment, for example, each server or system communicates between servers using the SAML (Security Assertion Markup Language) protocol, and authentication performed by a specific server such as an authentication server. There is a technique that eliminates the need for re-authentication by the user at each server or the like by automatically taking over the result information.

  However, a single sign-on environment based on such a method is premised on the establishment of a trust relationship that allows authentication information to be taken over and accepted between servers and systems, such as an in-house system on an intranet. Therefore, when each data center, server, etc. is operated by a different business operator, such a trust relationship may not be established due to a security relationship or the like.

  In addition, if the single sign-on method described above is used in such an environment, for example, in a certain data center, authentication information acquired from an authentication server or the like for user authentication processing is It is also conceivable that an unauthorized person accesses the other data center or the like illegally and acquires partial data stored in the other data center. Therefore, in the mechanism for distributing and storing a plurality of partial data generated from important data by secret sharing technology in each data center as described above, in order to prevent unauthorized acquisition of partial data between the data centers. Security also needs to be considered.

  Here, for example, in the technique described in Patent Document 1, one of the secret-distributed partial data (information blocks) is deposited with a certification authority which is a so-called “Trusted Third Party”. By doing so, a certification authority can always be interposed in the restoration of important data, and it is possible to cope with unauthorized access from insiders with malicious intent. However, it is necessary to install a “reliable third-party organization” as a system configuration, which may increase the burden in terms of cost and operational load.

  On the other hand, in the technique described in Patent Document 2, the partial data is mainly stored in a distributed manner on a server or other geographically distant client terminals, so that the client terminal is stolen by a third party or via a network. Although the purpose is to reduce the risk of information leakage due to unauthorized intrusion, no consideration is given to unauthorized access from a malicious insider (for example, the owner of another client terminal).

  Therefore, an object of the present invention is to secure a security for preventing unauthorized acquisition of partial data between each data center by distributing and storing a plurality of partial data generated from important data by secret sharing technology in a plurality of data centers. It is an object of the present invention to provide a distributed data storage system that can do this.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the inventions disclosed in this application, the outline of typical ones will be briefly described as follows.

  A data distributed storage system according to a representative embodiment of the present invention generates partial data that is a plurality of non-important data from important data by secret sharing technology at a client terminal, and the partial data is transmitted via a network. A distributed data storage system that stores data in a plurality of connected servers, and has the following characteristics.

  That is, each of the servers has a data storage unit that stores the partial data received from the client terminal, and the client terminal uses the secret sharing technique to generate k data from the important data instructed to be stored by the user. The division processing unit that generates n (k ≦ n) partial data that cannot restore the important data unless it is collected, and the n pieces of partial data generated by the division processing unit are different from each other. A distribution management unit for collecting m pieces of partial data (k ≦ m ≦ n) for restoring the important data from the server, and instructing the use from the user The important data obtained from the m pieces of partial data acquired from the distributed management unit is processed by the secret sharing technique. And having a restoring unit for restoring the.

  Among the inventions disclosed in the present application, effects obtained by typical ones will be briefly described as follows.

  According to a typical embodiment of the present invention, a plurality of partial data generated from important data by a secret sharing technique is distributed and stored in a plurality of data centers to prevent unauthorized acquisition of partial data between the data centers. Security can be ensured.

It is the figure which showed the outline | summary about the structural example of the data distribution storage system which is one embodiment of this invention. It is the figure explaining the concept of the storage of the data in one embodiment of this invention. It is the figure shown about the example of selection of the server which stores the partial data in one embodiment of this invention It is the figure which showed the outline | summary about the example of the flow of the authentication process in one embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted.

<Overview>
The data distributed storage system according to an embodiment of the present invention generates a plurality of partial data from the important data by secret sharing technology when the user stores the user's important data on the client terminal. Send to multiple data center servers for distributed storage. In addition, by implementing a single sign-on mechanism for each data center and performing authentication processing using different unique information (key) at each data center during authentication, access to each data center can be made independent. Ensure safety and ensure security between data centers. As a result, even insiders such as managers of each data center can obtain only one partial data, and important data cannot be restored / inferred from the partial data. Data can be stored.

  FIG. 2 is a diagram for explaining the concept of data storage in the data distributed storage system of the present embodiment. The data distributed storage system 1 has a configuration in which a client terminal 300 and a plurality of data centers 10 (four in the example of FIG. 2, 10a to 10d) are connected to a network 400 such as the Internet. Here, the client terminal 300 is an information processing terminal that is normally used by a user for business or the like and performs processing such as input and reference of important data 500. For example, the client terminal 300 is a PC, a tablet terminal, a smartphone, a mobile phone, or the like. This applies to mobile terminals.

  The data center 10 is a base for storing and managing server devices. For example, a dedicated data center facility that can store a large number of server devices and perform advanced operations management, or a so-called container. It may be a portable data center such as a mold or module, or may be a non-dedicated facility such as a machine room in an office building. Further, it may be a virtual data center in a cloud computing environment. Each data center 10 according to the present embodiment has a server 100 (example in FIG. 2) having a data storage unit 110 (110a to 110d in the example in FIG. 2) composed of storage devices and the like for holding and storing data. Then, it has one or more of 100a to 100d).

  Each of these data centers 10 is preferably not related to each other geographically and organizationally. In other words, managers and the like access each other physically or electronically between the data centers 10 such as being in the same site or adjacent sites, or being operated by the same or related business operators, etc. It is desirable that the configuration is not possible.

  In the environment as described above, when the important data 500 existing in the client terminal 300 is securely stored based on an instruction from the user, first, the client terminal 300 uses the secret sharing technique from the important data 500. A plurality of partial data 510 (four items 510a to 510d in the example of FIG. 2) are generated. As described above, each partial data 510 is non-important data that does not make sense alone. The important data 500 is deleted to prevent leakage.

  The secret sharing technique (secret sharing algorithm) to be used is not particularly limited. For example, if k or more of n partial data 510 are collected, the important data 500 can be restored. A so-called (k, n) threshold type (1 <k ≦ n) secret sharing technique that cannot restore the data 500 can be used. Also, the values of k and n are not particularly limited, and can be appropriately determined according to requirements such as security strength and processing speed. Note that the value of n (the number of partial data 510 to be generated) is equal to or less than the number of data centers 10. In other words, n or more data centers 10 are prepared for n partial data 510.

  The generated partial data 510 is distributed and transmitted to each data center 10 so as not to overlap each other, and is distributed and stored in the data storage unit 110. That is, the partial data 510 generated from the same important data 500 is stored separately in different data centers 10, and any two or more partial data 510 are not stored in the same data center 10. Like that. Each partial data 510 on the client terminal 300 is deleted to prevent leakage.

  As described above, the partial data 510 is generated from the important data 500 by the secret sharing technique and stored in each data center 10 to prevent leakage of the important data 500 due to theft or loss of the client terminal 300. it can. Since each data center 10 has only one partial data 510 for the important data 500, a third party enters the data center 10 to obtain the partial data 510 illegally, Even if an internal person such as an administrator of the system acquires partial data 510, only one partial data 510 can be obtained. Since the important data 500 cannot be restored / estimated only by the partial data 510, the contents of the important data 500 are not leaked.

  Further, when the data centers 10 are not related to each other geographically or organizationally, an internal person such as an administrator of the data center 10 accesses the other data center 10. This is also difficult together with the authentication processing described later. Therefore, for example, even if an insider such as an administrator of the data center 10 has malicious intent, the partial data 510 is illegally acquired from other data centers 10, and k or more pieces are collected to restore the important data 500. Can be prevented.

<System configuration>
Below, the system configuration | structure of the data distribution storage system 1 of this Embodiment is demonstrated. FIG. 1 is a diagram showing an outline of a configuration example of a data distributed storage system 1 according to an embodiment of the present invention. The data distributed storage system 1 has a configuration in which a plurality of servers 100, a master server 200, and client terminals 300 are connected to a network 400. Each server 100 is assumed to be operated and managed in the data center 10 which is not related to each other geographically and organizationally as shown in FIG.

  The server 100 is a computer system composed of server devices. As a file server or a storage server, the server 100 accepts access from the client terminal 300 after user authentication and provides a data (partial data 510) storage service. It has a function. The server 100 includes, for example, a data storage unit 110 including a storage device such as a magnetic disk and an authentication processing unit 120 implemented by a software program. The data storage unit 110 reads and writes specified data based on an instruction from an OS (Operating System) or the like.

  The authentication processing unit 120 performs an authentication process for access to the server 100. The authentication processing unit 120 includes user information 130 including account information for each user as information used when performing authentication processing. The user information 130 is configured by, for example, a database, a file table, or the like. For example, for each registered user ID of the registered user, the user seed 131 as unique information that is different for each user and the password are hashed by a predetermined procedure. Account information such as hashed password 132 is included. In addition, the authentication processing unit 120 has a server seed 140 as unique information that is different for each server.

  In the present embodiment, as will be described later, the authentication processing unit 120 performs authentication processing with the client terminal 300 by a challenge / response method. That is, in response to the authentication request from the user, the server seeds 140, the user seeds 131, and a random number as a challenge are transmitted. Further, the hashed hash value is received as a response from the client terminal 300, and authentication is performed by comparing the received hash value with the hashed password 132 hashed by the random number. . Therefore, the authentication processing unit 120 has a random number generation function and a hash algorithm. In addition, various known techniques and algorithms can be used for these implementations. When security of the communication path between the server 100 and the client terminal 300 is secured, a method other than the challenge / response method may be adopted.

  The master server 200 is a computer system composed of server devices, PCs, and the like, and generates and provides user seeds 131 and server seeds 140 held in each server 100. Since it is not a so-called authentication server that performs authentication on behalf of each server 100, it does not have a user authentication function. The master server 200 includes, for example, a seed generation unit 210 that is implemented by a software program. The seeds generation unit 210 generates seeds based on an instruction from an administrator or the like or a request from each server 100, and provides the seeds as user seeds 131 or server seeds 140 to the target server 100 via the network 400.

  The seed generation method and the seed format are not particularly limited. For example, a unique character string or binary data having a predetermined length can be generated and used as a seed. Note that the master server 200 may be installed in the data center 10 independent of the other servers 100, or installed in the same data center 10 as any one of the servers 100 with a configuration accessible from the outside. May be.

  The client terminal 300 generates a plurality of partial data 510 using the secret sharing technique from the important data 500, distributes and transmits the partial data 510 to each server 100 (each data center 10) so as not to overlap each other, and the data storage unit 110 It has a function to store distributedly. The client terminal 300 includes, for example, a distribution processing unit 321 implemented by a software program, a distribution management unit 320, a restoration processing unit 330, an authentication request unit 340, an interface unit 350, and a distribution status 321 including a database or a file table. And each table of setting information 301.

  The division processing unit 310 performs a plurality of partial data to be distributed and stored in each server 100 by secret sharing according to the setting contents of the setting information 301 from the important data 500 instructed to be securely stored by the user via the interface unit 350 described later 510 is generated. As described above, the secret sharing technique is not particularly limited, and a known (k, n) threshold type secret sharing technique can be used. In the setting information 301, for example, information for specifying the secret sharing algorithm to be used and parameters such as k and n can be set in advance.

  The distributed management unit 320 transmits the partial data 510 generated by the division processing unit 310 to each server 100 according to a predetermined condition based on the setting contents of the setting information 301 when the important data 500 is distributed and stored. At the same time, information relating to which server 100 stores each partial data 510 is recorded in the distribution status 321 and managed.

  When there are more than n servers 100, various methods can be considered for selecting n servers 100 and determining which server 100 to store each partial data 510.

  FIG. 3 is a diagram illustrating an example of selection of the server 100 that stores the partial data 510. In the example of FIG. 3, four partial data 510 generated by (3,4) threshold type secret sharing from each important data 500 (“important data α”, “important data β”, “important data γ”,...). For four ("A", "B", "C", "D"), four servers 100 as storage destinations are selected from the six servers 100 ("Server # 1" to "Server # 6"). It shows the case of assigning.

  For example, the servers 100 ("server # 1" to "server # 6") are ordered in accordance with a priority or the like based on random or specs, etc., and the server 100 that is not operating at that time due to a failure or the like (see FIG. In the example of 3, the “server # 6” when storing “important data γ”) may be excluded, and n servers 100 may be sequentially selected according to the order of the list. At this time, n servers 100 may be selected from the top of the list (for example, “server # 1”) each time, or as shown in the example of FIG. 3, important data for storing the starting point for selection The server 100 to be selected may be rotated by shifting every 500.

  By rotating the server 100 to be selected, the partial data 510 can be distributed and stored differently for a plurality of important data 500. As a result, for example, when acquisition of the partial data 510 becomes impossible due to a failure or the like in a plurality of servers 100 (in the example of FIG. 3, two shaded “server # 1” and “server # 2”). In addition, the range of the important data 500 that cannot be restored is limited to a part (only “important data α” in the example of FIG. 3), and a situation in which all the important data 500 cannot be restored can be prevented.

  Various methods for assigning the partial data 510 to the selected n servers 100 can be considered. For example, as shown in the example of FIG. 3, n partial data 510 may be sequentially assigned to a list of n servers 100, or each partial data 510 may be randomly assigned. Good.

  The setting information 301 includes, for example, access information (IP address, host name, etc.) for each server 100 serving as a distributed storage destination, and for selecting n servers 100 when more than n servers 100 exist. Criteria and conditions (for example, the priority order of the server 100, an ordered list, a rotation method, etc.) can be set in advance.

  Also, the distribution management unit 320 is based on the contents of the distribution status 321 and the setting contents of the setting information 301 based on a request from the restoration processing unit 330 when the important data 500 is restored by the restoration processing unit 330 described later. According to a predetermined condition, m partial data 510 for restoring the important data 500 are collected from each server 100 and transferred to the restoration processing unit 330.

  The number m of partial data 510 to be collected must be equal to or greater than the number k of partial data 510 necessary for restoring the important data 500, and all n partial data 510 are collected. (K ≦ m ≦ n). The setting information 301 includes, for example, partial data 510 from the target server 100 depending on criteria, conditions, failures, and the like for selecting the target m servers 100 when m is m or n <n. It is possible to set in advance a method for determining the server 100 as an alternative in the case where it cannot be acquired.

  If any of the n partial data 510 cannot be stored in each server 100 when the partial data 510 is distributed and stored due to a failure of the server 100, or more than k cannot be collected when the partial data 510 is collected. In such a case, an error may be returned to the user. Further, when the partial data 510 is transmitted / received to / from each server 100, the client terminal 300 and each server 100 perform predetermined encryption on the partial data 510 to transmit / receive information, thereby leaking information. This risk may be further reduced.

  The restoration processing unit 330 requests the distributed management unit 320 for more than the number of partial data 510 necessary for restoring important data 500 that is instructed to be used for reference or editing by the user via the interface unit 350. The important data 500 is restored from the acquired partial data 510 by a secret sharing technique.

  The authentication request unit 340 requests authentication of each server 100 when the distributed management unit 320 stores the partial data 510 in a distributed manner for each server 100 and collects the partial data 510 from each server 100. For example, an input of a user ID and a password is accepted from a user via a login screen, and individually or in parallel with the authentication processing unit 120 of each server 100 by a challenge / response method or the like, as will be described later. Implementing the authentication process realizes the single sign-on function.

  Here, as will be described later, based on the server seeds 140, the user seeds 131, and the random numbers transmitted from the authentication processing unit 120 of the server 100 in response to the transmission of the authentication request, the password designated by the user is set in a predetermined procedure. Is hashed and transmitted to the authentication processing unit 120 of the server 100 for authentication processing. Accordingly, the authentication request unit 340 is implemented with the same hash algorithm as that implemented by the authentication processing unit 120 of the server 100.

  The interface unit 350 has a user interface such as a screen display in the client terminal 300 and an input / output function such as data transmission / reception. The user can use the function of the data distributed storage system 1 by using, for example, a file management screen of a general OS.

  For example, on the file management screen, important data is moved to a specific folder or the like by a simple operation such as drag and drop. With this as a trigger, the division processing unit 310 and the distribution management unit 320 automatically generate n pieces of partial data 510 from the important data 500 by (k, n) threshold type secret sharing, It can be distributed and stored in each server 100 without making the user aware of it. As described above, the important data 500 is deleted from the client terminal 300 at this time. However, for example, a dummy file corresponding to the important data 500 is created on the file management screen so as not to make the user aware of it. Leave it.

  Further, for example, the user performs operations such as reference and editing on the important data 500 by performing operations on the dummy file or the like of the important data 500 managed in a specific folder on the file management screen. be able to. That is, using the operation on the dummy file as a trigger, the distribution management unit 320 and the restoration processing unit 330 automatically generate m (k ≦ m ≦ n) important data 500 corresponding to the dummy file from each server 100. Partial data 510 can be collected and important data 500 can be recovered and made available to the user.

<Authentication process>
Below, the content of the authentication process in the data distribution storage system 1 of this Embodiment is demonstrated. In the data distributed storage system 1 according to the present embodiment, as described above, when the partial data 510 is distributed and stored in the plurality of servers 100 and when the partial data 510 is collected from the plurality of servers 100, In order to avoid the complexity associated with individual authentication processing for each server 100, a single sign-on mechanism is provided.

  In the present embodiment, since each data center 10 is not related geographically or organizationally, for example, the authentication result of a representative authentication server or the like is sent between the servers 100 using the SAML protocol or the like. It has a mechanism that allows independent and secure access to each data center 10 by performing authentication processing individually using unique information (key) that is different between each data center 10 instead of taking over the authentication method. , Ensuring security between the data centers 10.

  As an initial state for performing the authentication process, it is assumed that each server 100 holds a seed generated by the seed generation unit 210 of the master server 200 as a server seed 140 in advance. Furthermore, initial registration of account information including a user ID, a password, and the like is performed in advance by each user. At this time, as account information, the seeds generated by the seed generation unit 210 of the master server 200 are stored as user seeds 131 for each user ID. Further, the password is stored as a hashed password 132 hashed by a predetermined hash algorithm using the user seeds 131 and the server seeds 140 as seed values.

  By not holding the password directly, the leakage of the password can be prevented. In addition, hashing is performed by using a unique user seed 131 for each user as a seed value, so that, for example, even when the same password is accidentally specified by a plurality of users, the hash value may be different for each user. it can.

  FIG. 4 is a diagram showing an overview of an example of the flow of authentication processing in the present embodiment. First, the user requests authentication (login) via the authentication request unit 340 of the client terminal 300. At this time, for example, user ID and password information are specified via a login screen or the like. The authentication request unit 340 transmits an authentication request including the designated user ID to the server 100 (S01).

  Upon receiving the user ID, the authentication processing unit 120 of the server 100 generates a random number as a challenge in the challenge / response method, acquires seeds, and transmits them to the client terminal 300 (S02). Here, in addition to the random number, the server seed 140 and the user seed 131 corresponding to the user ID held in the user information 130 are acquired.

  The server seed 140, the user seed 131, and the authentication request unit 340 of the client terminal 300 that has received the random number hash the password specified in step S01 with a predetermined hash algorithm (S03). Further, the hash value obtained in step S03 is hashed using the user seeds 131 as a seed value (S04). Furthermore, the hash value obtained in step S04 is hashed using the server seeds 140 as a seed value (S05). Further, the hash value obtained in step S05 is made one-time by hashing using a random number as a seed value, and the obtained hash value is transmitted to the server 100 (S06).

  Note that the series of hashing procedures in steps S03 to S05 described above is merely an example, and other procedures that can obtain equivalent results are naturally possible. However, the password is hashed in advance during user registration. It is necessary to use the same procedure as the hashing process when the hashed password 132 is acquired. Further, for example, when an instruction to update the password is received from the server 100 in step S02, the password (and hash) is executed before executing step S03 as necessary. Update password 132) may be updated.

  Upon receiving the hash value, the authentication processing unit 120 of the server 100 acquires the hashed password 132 corresponding to the target user ID from the user information 130 (S07), and the random number generated in step S02 is the acquired hashed password 132. Is hashed as a seed value (S08). Thereafter, authentication processing is performed by comparing the obtained hash value with the hash value received from the client terminal 300 in step S07, and the authentication result is transmitted to the client terminal 300 (S09). That is, if the two match as a result of the comparison, the authentication is established, and if the two do not match, the authentication is not established. At this time, for example, information related to the location of the transmission source such as the IP address is acquired from the request message from the client terminal 300, and other conditions such as whether or not the information is within a predetermined range are successful or unsuccessful. It may be added to the judgment.

  The authentication request unit 340 of the client terminal 300 receives the authentication result (S10), and then automatically performs the above-described series of processes sequentially for the other servers 100 as necessary, and authenticates each server 100. Process. Since the authentication processing in each server 100 is independent, the above-described series of processing can be performed simultaneously on a plurality of necessary servers 100 in parallel. The necessary server 100 information may be set in advance in the setting information 301 of the client terminal 300, for example, or selected by the distribution management unit 320 at the time of distributed storage or collection of the partial data 510. The server 100 may be the target.

  With the above processing, the user can perform authentication processing for each necessary server 100 only by specifying the user ID and password once.

  By taking the above-described method, for example, an administrator of a certain server 100 or data center 10 acquires account information such as the user's seed 131 or hashed password 132 of the target user from his / her user information 130. However, it is not possible to authenticate other servers 100 (data center 10) by impersonation using these pieces of information, and security between the servers 100 is ensured.

  This is because the value of the user's hashed password 132 in a certain server 100 is hashed by its own server seeds 140, and the user's hashed password 132 in the other server 100 is stored in the other server 100. This is because the value is different because it is hashed by 100 server seeds 140. Therefore, even if both are hashed using the same random number as a seed value, the same hash value is not obtained, and authentication is not established in step S09 in FIG. Further, even if the server seeds 140 of the other server 100 are acquired by some means, a hash value having the same value as the hashed password 132 in the other server 100 is generated unless the password of the target user is known. It is not possible.

  As described above, according to the data distributed storage system 1 according to an embodiment of the present invention, the partial data 510 is generated from the important data 500 by the secret sharing technique and is distributed and stored in each data center 10. The leakage of the important data 500 due to theft or loss of the client terminal 300 can be prevented. Since each data center 10 has only one partial data 510 for the important data 500, a third party enters the data center 10 to obtain the partial data 510 illegally, Even if an internal person such as an administrator of the system acquires partial data 510, only one partial data 510 can be obtained. Since the important data 500 cannot be restored / estimated only by the partial data 510, the contents of the important data 500 are not leaked.

  In addition, by performing authentication using unique information (server seeds 140) that is different for each server 100, an internal person such as an administrator of the data center 10 may access other data centers 10 with malicious intent. Since this is difficult, it is possible to ensure security for preventing unauthorized acquisition of the partial data 510 between the data centers 10.

  In addition, single sign-on for a plurality of servers 100 can be realized by a single authentication process from the client terminal 300 by a user, and authentication on each server 100 can be performed simultaneously in parallel. Therefore, in the distributed storage of the partial data 510 generated from the important data 500 and the collection of the partial data 510 exceeding the number necessary for restoring the important data 500, the time required for authentication is reduced and the deterioration of the response is suppressed. It becomes possible to do.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiment. However, the present invention is not limited to the embodiment, and various modifications can be made without departing from the scope of the invention. Needless to say.

  INDUSTRIAL APPLICABILITY The present invention can be used in a data distributed storage system that generates a plurality of non-important data from important data using a secret sharing technique and distributes and stores the data at a plurality of locations.

1 ... Data distributed storage system,
10, 10a-d ... data center,
100, 100a to d ... server, 110, 110a to d ... data storage unit, 120 ... authentication processing unit, 130 ... user information, 131 ... user seed, 132 ... hashed password, 140 ... server seed,
200: Master server, 210: Seeds generation unit,
300 ... Client terminal 301 ... Setting information 310 ... Division processing unit 320 ... Distribution management unit 321 ... Distribution status 330 ... Restore processing unit 340 ... Authentication request unit 350 ... Interface unit
400 ... Network,
500: important data, 510a to d: partial data.

Claims (7)

A data distributed storage system that generates a plurality of partial data, which are non-critical data, from secret data using a secret sharing technique at a client terminal, and distributes and stores each partial data on a plurality of servers connected via a network. And
Each of the servers has a data storage unit that stores the partial data received from the client terminal,
The client terminal generates n pieces (k ≦ n) of partial data that cannot be restored unless the k is collected from the important data instructed to be stored by the user by the secret sharing technique. When,
The n pieces of partial data generated by the division processing unit are sequentially rotated for each of the important data to be stored from the n or more servers, and the data storage units of the n servers selected. A distributed management unit that stores each of the m pieces of partial data (k ≦ m ≦ n) for restoring the important data from each of the m servers;
Data having a restoration processing unit that restores the important data from the m pieces of partial data acquired from the distribution management unit using the secret sharing technique for the important data instructed to be used by the user Distributed storage system. The data distributed storage system according to claim 1 ,
Each of the servers further includes an authentication processing unit that performs an authentication process for access to the server,
The client terminal further specifies a user ID and a password from the user when the distributed management unit stores the partial data in each server and collects the partial data from each server. Receiving an authentication requesting unit that transmits authentication requests to each of the servers sequentially or in parallel,
The authentication processing unit of the server includes a server seed that is unique information for each server, a user seed that is unique information for each user for each registered user ID, and a password of the user for the server. And user information holding account information including a hashed password hashed in a predetermined procedure using the user seeds, and the server seeds in response to the authentication request received from the client terminal And the user seed related to the target user and the generated random number to the client terminal,
The authentication request unit of the client terminal hashes the password designated by the user using a predetermined procedure using the server seeds and the user seeds received from the server, and further hashed using the random numbers. Sending a hash value to the server;
The authentication processing unit of the server performs authentication by comparing the hash value received from the client terminal with a value obtained by hashing the hashed password relating to the target user using the random number, and performing authentication. A data distributed storage system, wherein a result is transmitted to the client terminal. The data distributed storage system according to claim 2 ,
The data distributed storage system further comprising a master server connected to the network and generating and providing a seed value serving as the seed for each server based on a request from each server. In the data distribution storage system of any one of Claims 1-3 ,
The distribution management unit of the client terminal distributes information related to which server each partial data is stored in when the n pieces of partial data are stored in the n servers. A data distributed storage system characterized by recording in a status recording unit. In the data distribution storage system of any one of Claims 1-4 ,
The client terminal selects k, m, n values related to the secret sharing technique, access information for each server, and n servers for which the distribution management unit stores n partial data. A condition for selecting the m servers for which the distributed management unit collects the partial data, and an alternative when the distributed management unit cannot acquire the partial data from the server Among the server determination methods, at least one piece of information has setting information set in advance. In the data distribution storage system of any one of Claims 1-5 ,
When the distribution management unit of the client terminal stores n pieces of partial data in each of the n servers, if the n pieces of partial data cannot be stored in the server, or m When collecting k pieces of partial data from m pieces of the servers, if k or more pieces cannot be collected, an error response is returned to the user. In the data distribution storage system of any one of Claims 1-6 ,
The client terminal and each server encrypt the partial data to be transmitted by a predetermined means when transmitting and receiving the partial data.

Images