JP7371849B2 - Network system, distribution server, distribution method, distribution program - Google Patents

Description

The present invention relates to a network system, a distribution server, a distribution method, a distribution program, a cache server, a cache method, and a cache program.

Conventionally, various techniques have been proposed for intermediately caching files transmitted between computers connected to a network. However, when encrypted communication is performed between a distribution source server and a distribution destination terminal, the cache server cannot read the distributed information, and caching is generally difficult. Furthermore, techniques for caching the contents of encrypted communications have also been proposed (for example, Non-Patent Documents 1 and 2).

Jeremie Leguay, Georgios S. Paschos, Elizabeth A. Quaglia, Ben Smyth, “CryptoCache: Network Caching with Confidentiality” IEEE ICC, May 21-25, 2017, DOI: 10.1109/ICC.2017.7996866 Shujie Cui, Muhammad Rizwan Asghar, and Giovanni Russello, “Multi-CDN: Towards Privacy in Content Delivery Networks” IEEE TDSC, May 4, 2018, DOI: 10.1109/TDSC.2018.2833110

However, it has been difficult to keep the content of the information held by the cache server and requested by the terminal a secret from the cache server, and to allow the terminal requesting the information to use the information appropriately. SUMMARY OF THE INVENTION Therefore, an object of the present invention is to provide a technique for storing information in an encrypted state in a cache server and having a terminal requesting the information appropriately decrypt the information.

The network system includes a distribution server that distributes data files, a cache server that caches data files, and a terminal that receives data files. When the distribution server receives a data file transmission request from a terminal, it has a distribution control unit that transmits identification information associated with the requested data file to the terminal, and a distribution control unit that decrypts the encrypted data file. and a key management unit that transmits the key to the terminal. In addition, when the cache server receives a request to send a data file that includes identification information from a terminal, if the data file is cached in the storage device in association with the requested identification information, the cache server sends the data file to the terminal. When the data file is not cached in the storage device in association with the transmitted and requested identification information, the cache management unit receives the encrypted data file from the distribution server and stores it in the storage device.

Since the distribution server, cache server, and terminal identify the data file using identification information, the data file itself can be cached on the network system even if it is encrypted, reducing the load on the distribution server. . Furthermore, information for identifying the original data file, such as a URI (Uniform Resource Identifier), can be hidden from the cache server.

Further, the identification information may be a data file associated with the identification information, or a value obtained from the network address of the data file using a predetermined one-way function. In this way, the distribution server can easily generate the identification information, and there is no need for the cache server to store the identification information in a large table.

Further, the distribution server and the terminal may establish a session for encrypted communication in the process performed by the distribution control unit, and restart the session in the process performed by the key management unit. In this way, information for decoding the data file can be transmitted to the terminal at an appropriate timing.

Further, a distribution server according to another aspect of the present invention communicates with a cache server that distributes data files and caches the data files, and a terminal that receives the data files. When the distribution server receives a data file transmission request from a terminal, it transmits identification information associated with the requested data file to the terminal, and caches the data file transmission request including the identification information. When receiving the encrypted data file from the server, it includes a distribution control unit that transmits the encrypted data file to the cache server, and a key management unit that transmits a key for decrypting the encrypted data file to the terminal.

In this way, since the data file is specified using the identification information, even if the data file itself is encrypted, it can be cached on the network system and the load on the distribution server can be reduced.

The cache server also communicates with a distribution server that distributes data files and a terminal that receives data files, and caches the data files. When a request to send a data file including identification information of the requested data file is received from a terminal, and the encrypted data file is cached in the storage device in association with the requested identification information, If the encrypted data file is sent to the terminal and the encrypted data file is not cached in the storage device in association with the requested identification information, the encrypted data file is sent from the distribution server. It is received and stored in a storage device.

In this way, since the data file is specified using the identification information, the data file itself can be cached on the network system even in an encrypted state, and the load on the distribution server can be reduced.

Note that the contents described in the means for solving the problems can be combined as much as possible without departing from the problems and technical idea of the present invention. Further, the content of the means for solving the problem can be provided as a device such as a computer, a system including a plurality of devices, a method executed by a computer, or a program executed by a computer. Note that a recording medium holding the program may be provided.

According to the present invention, it is possible to provide a technique for a cache server to hold information in an encrypted state and for a terminal requesting the information to appropriately decrypt the information.

FIG. 1 is a diagram illustrating an example of the configuration of a network system according to an embodiment. FIG. 2 is a block diagram showing an example of the configuration of a distribution server, a cache server, and a terminal. FIG. 3 is a processing flow diagram showing an example of distribution processing. FIG. 4 is a diagram showing an example of a table stored in a storage device by the distribution server. FIG. 5 is a diagram showing an example of a table stored in a storage device by a cache server. FIG. 6 is a processing flow diagram showing an example of distribution processing. FIG. 7 is a processing flow diagram showing an example of distribution processing. FIG. 8 is a diagram illustrating an example of the configuration and processing of a network system according to a modification.

Hereinafter, embodiments for carrying out the present invention will be described with reference to the drawings.

<System configuration>
FIG. 1 is a diagram illustrating an example of the configuration of a network system according to an embodiment. A network system 1 in FIG. 1 includes a distribution server 2 that distributes data files such as video content, a cache server 3 that caches data files and transmits the cached data files in response to requests, and user operations. and terminals 4 (4A to 4C) that request data files in response to requests for data files. The distribution server 2, cache server 3, and terminal 4 are so-called computers, and are communicably connected to other computers to transmit and receive data files. In this embodiment, encrypted communication is performed between the distribution server 2, the cache server 3, and the terminal 4 according to the SSL/TLS protocol, respectively. The key used to encrypt the communication path can be generated using existing technology. For example, an independent common key for encrypting the data body is used for each session and is different each time. It is also assumed that, in addition to the encryption of the communication path, the data file itself is also encrypted, and the encrypted data file is held in the cache server 3. Content in FIG. 1 represents a plaintext data file. Further, k is a common key used for encrypting and decrypting content data. That is, a key independent from the communication channel encryption is used to encrypt the content data. Note that a different common key k is used for each content. _Enck (Conte
nt) is a data file encrypted using the common key k. Further, Deck (Enck (Content)) is a data file decrypted using the common key k. Note that the numbers of distribution servers 2, cache servers 3, and terminals 4 included in the network system 1 are not limited to those shown in FIG. good.

<Device configuration>
FIG. 2 is a block diagram showing an example of the configuration of the distribution server 2, cache server 3, and terminal 4.

<Distribution server>
The distribution server 2 includes a communication interface (I/F) 21, a storage device 22, an input/output device 23, a processor 24, and a bus 25. The communication I/F 21 is, for example, a communication module or a network card, and communicates with computers such as the cache server 3 and the terminal 4 based on a predetermined protocol.

The storage device 22 includes main storage (primary storage) such as RAM (Random Access Memory) and ROM (Read Only Memory), and auxiliary storage such as HDD (Hard-disk Drive), SSD (Solid State Drive), and flash memory. device (secondary storage device). The main memory temporarily stores programs and data read by the processor, and secures a work area for the processor. The auxiliary storage device stores programs executed by the processor, data files to be distributed, and the like. The input/output device 23 is, for example, an input device such as a keyboard or a mouse, an output device such as a monitor, or a user interface such as a touch panel.

The processor 24 is an arithmetic processing device such as a CPU (Central Processing Unit), and performs each process according to the present embodiment by executing an application. Distribution server 2 shows functional blocks within processor 24 . That is, the processor 24 functions as a distribution control section 241 and a key management section 242. The distribution control unit 241 transmits a data file and identification information associated with the data file in response to a request from the cache server 3 or the terminal 4. Note that the identification information associated with the data file is referred to as a "tag" in this embodiment. The tag may be a hash obtained from the data file or the network address of the data file using a predetermined hash function, or it may be a random character string assigned independently of the data file. good. Further, in this embodiment, it is assumed that the data file is encrypted using a predetermined method, and a decryption key is required in order to read the data file at the terminal 4. The key management unit 242 transmits a decryption key for decrypting the data file to the terminal 4 at a predetermined timing. For example, after the encrypted data file is transmitted from the cache server 3 to the terminal 4, the key management unit 242 transmits the decryption key to the terminal 4.

The above components are connected via the bus 25.

<Cache server>
As shown in FIG. 2, the cache server 3 also includes a communication I/F 31, a storage device 32, an input/output device 33, a processor 34, and a bus 35.

The communication I/F 31 is, for example, a communication module or a network card, and communicates with other computers based on a predetermined protocol. For example, data files are transmitted and received between the terminal 4 and the distribution server 5. The storage device 32 is a main storage device such as a RAM or ROM, and an auxiliary storage device such as an HDD, SSD, or flash memory. The main memory temporarily stores programs and data read by the processor, and secures a work area for the processor. The auxiliary storage device stores programs executed by the processor and encrypted data files in association with the tags described above. The input/output device 33 is, for example, an input device such as a keyboard or a mouse, an output device such as a monitor, or a user interface such as a touch panel.

The processor 34 is an arithmetic processing device such as a CPU, and performs various processes according to the present embodiment by executing an application. In the cache server 3 as well, functional blocks are shown in the processor 34. That is, the processor 34 functions as a cache management section 341 and a distribution management section 342. The cache management unit 341 receives a request to send a data file including a tag from the terminal 4, and sends data indicating whether or not there is a cache hit to the distribution server 2. The distribution management unit 342 transmits the encrypted data file to the terminal 4, or receives the encrypted data file from the distribution server 2 and caches it if there is no cache hit.

The above components are connected via the bus 35.

<Terminal>
The terminal 4 is a computer such as a PC (Personal Computer), a smartphone, or a tablet, and includes a communication I/F 41, a storage device 42, an input/output device 43, a processor 44, and a bus 45. The communication I/F 41 is, for example, a wired network card or a wireless communication module, and communicates with other computers based on a predetermined protocol.
For example, an encrypted data file is received from the cache server 3. The storage device 42 is a main storage device such as a RAM or ROM, and an auxiliary storage device such as an HDD, SSD, or flash memory. The main memory temporarily stores programs and data files read by the processor, and secures a work area for the processor. The auxiliary storage device stores programs executed by the processor, data files, and the like. The input/output device 43 is, for example, an input device such as a keyboard or a mouse, an output device such as a monitor, or a user interface such as a touch panel. For example, the user requests the distribution server 2 to transmit a data file via the input/output device 43, or reads and displays the received data file.

The processor 44 is an arithmetic processing device such as a CPU, and performs each process according to the present embodiment by executing a program. Regarding the terminal 4 as well, functional blocks are shown in the processor 44. That is, the processor 44 functions as a request processing section 441 and a decoding processing section 442. The request processing unit 441 requests the distribution server 2 to transmit the data file, receives the tag associated with the data file from the distribution server 2, and uses the tag to transmit the data file to the cache server 3. request. Further, the request processing unit 441 receives an encrypted data file corresponding to the tag from the cache server 3. The decryption processing unit 442 receives the decryption key from the distribution server 2, decrypts and reproduces the encrypted data file.

The above components are connected via a bus 45.

In this manner, the network system 1 according to the present embodiment can cause the cache server 3 to hold encrypted data files by identifying the data files using tags. Then, by distributing the transmission request for the data file from the cache server 3, traffic on the network can be reduced. Furthermore, as described above, the tag is a value that is assigned regardless of the plain text data or address of the data file, such as a hash that has difficulty in calculating the original image (unidirectionality). The decryption key for the data file is then transmitted and received in encrypted communication between the distribution server 2 and the terminal 4. Therefore, the cache server 3 cannot decrypt the contents of the data file requested by the terminal 4, and the privacy of the user of the terminal 4 is protected.

<Distribution processing>
FIG. 3 is a processing flow diagram showing an example of distribution processing. When the user of the terminal 4 performs an operation to request distribution of a content data file, for example, distribution processing as shown in FIG. 3 and subsequent figures is started. Further, in FIG. 3, an HTTPS session established between two devices is shown by a rectangle with rounded corners indicated by a chain double-dashed line. In an HTTPS session, the content of the communication is encrypted using a common key shared between two devices using an encryption method such as the AES method.

First, the request processing unit 441 of the terminal 4 transmits data requesting a data file to the distribution server 2 via the communication I/F 41 (FIG. 3: S1). In this step, a data file transmission request that includes a data file ID (also referred to as "content ID"), such as a URI, is transmitted. Furthermore, it is assumed that the above-mentioned HTTPS session has been started when this step is executed.

On the other hand, it is assumed that the distribution server 2 stores in advance in the storage device 22 the ID of the data file, the tag, and the key used for encrypting the data file in association with each other. FIG. 4 is a diagram showing an example of a table stored in the storage device 22 by the distribution server 2. The table shown in FIG. 4 includes attributes of "content", "tag", and "key". The content ID distributed by the distribution server 2 is registered in the "content" field. In the "tag" field, a tag is registered that has unidirectionality and can be determined from the data file based on a predetermined function or by referring to a predetermined table, and is used as identification information of the data file. . The tag may be, for example, a hash value created from the URI or plain text of the data file using HMAC (Hash-based Message Authentication Code), or a value randomly created by the distribution server 2 for the data file. It may be. Note that in this embodiment, since the tag is used as identification information of the data file, it is preferable that the tag has a size sufficient to avoid collisions depending on the number of data files, such as about 256 bits. . A common key for encrypting and decrypting data files is registered in the "key" field. The key size is preferably 128 bits, for example, depending on the encryption method.

When receiving a request for a data file from the terminal 4 via the communication I/F 21, the distribution control unit 241 of the distribution server 2 reads the tag associated with the content ID included in the request from the table, and sends the tag to the communication I/F 21. (FIG. 3: S2). In this step, the distribution control unit 241 extracts a tag corresponding to the requested content from the table shown in FIG. 4, for example, and transmits it to the terminal 4.

On the other hand, upon receiving the tag from the distribution server 2 (FIG. 3: S3), the request processing unit 441 of the terminal 4 requests the cache server 3 to transmit the cache file using the tag (FIG. 3: S4). In this step, the request processing unit 441 transmits the request including the tag received in S3 to the cache server 3 via the communication I/F 41. Further, the request may further include the ID of the terminal 4 or the user using the terminal, and the ID of the distribution server 2. It is assumed that an HTTPS session is also started between the terminal 4 and the cache server 3, and encrypted communication is performed.

Although the cache server 3 has the function of caching encrypted data files as described above, it does not necessarily cache all the data files distributed by the distribution server 2. FIG. 5 is a diagram showing an example of a table stored in the storage device 32 by the cache server 3. The table shown in FIG. 5 includes attributes of "encrypted content" and "tag". The ID of the encrypted data file cached by the cache server 3 is registered in the "encrypted content" field. The ID of the encrypted data file may be a file path indicating the location of the data file on the storage device 32, or may be identification information for uniquely identifying the file path. In the "tag" field, a tag associated with the data file by the distribution server 2 is registered. In this way, the contents of the data file cannot be decoded from the information held by the cache server 3, nor can the original location of the data file be specified.

When receiving a cache file request from the terminal 4 via the communication I/F 31, the cache management unit 341 of the cache server 3 determines whether the requested file is cached (FIG. 3: S5). In this step, for example, if the requested tag is registered in the table shown in FIG. 5, it is determined that the cache has been hit, and if it is not registered, it is determined that the cache has not been hit.

If the cache is not hit (S5: NO), the process transitions to the process of FIG. 6 via the connector "A". FIG. 6 is a processing flow diagram showing an example of distribution processing. Then, the distribution management unit 342 of the cache server 3 notifies the distribution server 2 of the cache miss via the communication I/F 31 (FIG. 6: S6). In this step, for example, the tag of the data file requested by the terminal 4, the ID of the terminal 4 or the user using the terminal, and information indicating that there was no cache hit are notified. It is assumed that an HTTPS session is also started between the cache server 3 and the distribution server 2, and encrypted communication is performed.

On the other hand, when the distribution control unit 241 of the distribution server 2 receives a cache miss notification from the cache server 3 via the communication I/F 21, the distribution control unit 241 sends the encrypted data file to the cache server 3 via the communication I/F 21. (also referred to as "encrypted content") (FIG. 6: S7). In this step, the data file (content) registered in the "Content" field in Figure 4 is encrypted using the common key registered in the "Key" field in association with the data file, and then distributed. It is transmitted by the control unit 241. Note that in the distribution server 2, the encrypted content may be stored in the storage unit 22 in advance and content encryption processing at the time of transmission may be omitted.

Further, upon receiving the encrypted content from the distribution server 2 via the communication I/F 31, the cache management unit 341 of the cache server 3 stores the received encrypted content in the storage device 32, and also stores the received encrypted content in the storage device 32 and stores the encrypted content in the table shown in FIG. The encrypted content and the tag are stored in association with each other (FIG. 6: S8).

Furthermore, the cache management unit 341 transmits the encrypted content to the terminal 4 via the communication I/F 31 (FIG. 6: S9). In this step, it is assumed that the HTTPS session started in S4 is restarted and encrypted communication is performed between the cache server 3 and the terminal 4. The session can be restarted using, for example, an existing session resumption technique. On the other hand, the request processing unit 441 of the terminal 4 receives the encrypted content via the communication I/F 41 and stores it in the storage device 42 .

Further, the key management unit 242 of the distribution server 2 receives the notification of the cache miss in S6, and after transmitting the encrypted content to the cache server 3, the key management unit 242 of the distribution server 2 transmits the encrypted content via the communication I/F 21 to the common The key is sent to the terminal 4 (FIG. 6: S10). In this step, it is assumed that the HTTPS session started in S1 is restarted and encrypted communication is performed between the distribution server 2 and the terminal 4.

Then, the decryption processing unit 442 of the terminal 4 receives the common key via the communication I/F 41, and uses the common key to decrypt the encrypted content received in S9 (FIG. 6: S11). In this way, the terminal 4 can acquire a desired data file from the distribution server 2 and read its contents.

Note that in the case of a cache miss, the encrypted content may be directly transmitted from the distribution server 2 to the terminal 4. Further, the cache server 3 may decide whether or not to cache the encrypted content based on a predetermined rule, or the distribution server 2 or the like may control which encrypted content should be cached. It's okay.

If it is determined in S5 of FIG. 3 that a cache hit has occurred (S5: YES), the process transitions to the process of FIG. 7 via the connector "B". FIG. 7 is a processing flow diagram showing an example of distribution processing. Then, the distribution management unit 342 of the cache server 3 notifies the distribution server 2 of the cache hit via the communication I/F 31 (FIG. 7: S12). In this step, for example, identification information for uniquely identifying the terminal 4, the tag of the data file requested by the terminal 4, and information indicating that a cache hit has been made are notified. As a result, the distribution server 2 can also recognize that a cache hit has occurred, and in the case of a cache hit, the encrypted content is not transmitted from the distribution server 2 to the cache server 3. Note that also in this step, an HTTPS session is started between the cache server 3 and the distribution server 2, and encrypted communication is performed.

Then, the cache management unit 341 of the cache server 3 transmits the encrypted content to the terminal 4 via the communication I/F 31 (FIG. 7: S13). This step is similar to S9 in FIG.

Further, after receiving the cache hit notification in S12, the key management unit 242 of the distribution server 2 transmits a common key for decrypting the encrypted content to the terminal 4 via the communication I/F 21 (FIG. 7 :S14). The cache hit notification may include a request to send the key to the terminal 4. This step is similar to S10 in FIG.

Then, the decryption processing unit 442 of the terminal 4 receives the common key via the communication I/F 41, and uses the common key to decrypt the encrypted content received in S13 (FIG. 7: S15). This step is similar to S11 in FIG. In this way, the terminal 4 can acquire a desired data file from the distribution server 2 and read its contents.

<Effect>
By transmitting the encrypted content from the cache server 3 to the terminal 4 when a cache hit occurs, it is possible to suppress the concentration of access to the distribution server 2 and reduce traffic on the network 1. Furthermore, by using the above-mentioned tags, data files can be cached on the network even when encrypted communication using HTTPS etc., and the cache server 3 can cache data files The contents cannot be specified or read. The key for decrypting the encrypted content is sent to the terminal from a different host than the encrypted content, and at a timing after the distribution server knows whether or not there has been a cache hit in the cache server. At this time, the key can be appropriately managed by restarting the encrypted communication session and transmitting the key.

<Modified example>
In the network system according to the embodiment described above, the communication channel for transmitting encrypted content and the communication channel for transmitting the decryption key of the encrypted content are independent. Therefore, the distribution server 2 may limit the communication paths available to the terminal 4. For example, after the distribution server 2 transmits the tag to the terminal 4 in S2 of FIG. 3, the cache server 3 is further specified and the encrypted content can be acquired only by accessing the specified cache server 3. Furthermore, the distribution server 2 may further set an expiration date for the tag, and invalidate the tag if the terminal 4 does not acquire the encrypted content from the cache server 3 within a certain period of time. By appropriately setting the expiration date, even if a third party illegally acquires the key and tag, it is possible to restrict the acquisition of encrypted content from the cache server.

FIG. 8 is a diagram illustrating an example of the configuration and processing of a network system according to a modification. In this modification, when a request for content is sent from the terminal 4C used by a regular user ((1) in FIG. 8), the distribution server 2 sends the alternative tag according to this modification and the cache server 3 to be accessed. identification information and is transmitted to the terminal 4C (FIG. 8(2)).

The alternative tag shall include a tag, user ID, and time. The tag is identification information of the content that is generated, for example, by a one-way function or randomly, as described above. The user ID is identification information of the user of the terminal 4C, and may be a part of a cookie, an access source IP address, or the like. The time is information indicating the start or end of the expiration date, and may be, for example, the date and time when the alternative tag is generated or the date and time when the alternative tag is to expire. Further, it is assumed that the alternative tag is encrypted with a predetermined key (referred to as a "tag key" for convenience) and cannot be decrypted by the terminal 4C. Note that the distribution server 2 determines the cache server 3 to which the terminal 4C should request cache transmission (that is, the access destination), and uses the common key shared with the determined cache server 3A to perform an alternative cache server 3. The tag is encrypted and sent to the terminal 4C. Therefore, only the access destination cache server 3A determined by the distribution server 2 can decode the alternative tag.

Furthermore, the terminal 4C transmits a request including the alternative tag to the designated access destination cache server 3A (FIG. 8(3)). The cache server 3A decrypts the alternative tag using a pre-held tag key ((4) in FIG. 8). The cache server 3A then transmits a request for content including the tag and user ID included in the alternative tag to the distribution server 2 ((5) in FIG. 8). At this time, the cache server 3A may determine whether the decryption has been successful, and may interrupt the process if the decryption of the alternative tag fails with the pre-held tag key. Further, the cache server 3A may determine whether the time is within a predetermined expiration date based on the time included in the alternative tag, and may suspend processing if it is not within the expiration date. In addition, the cache server 3A determines whether the requesting terminal 4C and the user ID are a predetermined appropriate combination based on the user ID included in the alternative tag, and if the combination is not appropriate, performs processing. You may interrupt.

On the other hand, the distribution server 2 that has received the content request reads the encrypted content associated with the tag and transmits it to the cache server 3A ((6) in FIG. 8). This step is similar to S7 in FIG. The cache server 3A then transmits the encrypted content to the terminal 4C ((7) in FIG. 8). This step is similar to S9 in FIG. Furthermore, the distribution server 2 transmits the common key used to encrypt the content to the terminal 4C ((8) in FIG. 8). This step is similar to S10 in FIG. In this way, the encrypted content can be decrypted and played back on the terminal 4C.

Further, even if the terminal 4D used by an unauthorized user obtains an encrypted alternative tag, the alternative tag cannot be decrypted in the cache server 3B, which is not an appropriate access destination, and processing is interrupted. Also, in the cache server 3A, which is an appropriate access destination, processing is interrupted in response to a request from the terminal 4D because the expiration date has not expired or the combination of the user ID and the terminal 4D is appropriate. In this way, according to this modification, even if an unauthorized user acquires the key and tag, viewing of the content can be restricted.

<Others>
The configurations of the embodiments and modified examples are illustrative, and the present invention is not limited to the configurations described above. Further, the configurations shown in the embodiments and modified examples can be combined as much as possible without departing from the problems and technical ideas of the present invention.

Note that data files to be cached are not limited to content such as videos and music, but may also be various electronic data generated, read, written, stored, etc. by a computer, such as documents and executable files of applications. Furthermore, the distribution server 2 may further determine whether the user of the terminal 4 has the authority to access the data file, based on, for example, the ID and password issued to the user.

Further, for encrypting the content to be cached, an encryption method such as AES128-GCM that can add a MAC to detect tampering may be adopted. Furthermore, if the cached encrypted content cannot be decrypted by the terminal 4, the encrypted content may be cached again in the cache server 3.

The present invention includes a computer program that performs the processing described above. Furthermore, a computer-readable recording medium on which the program is recorded also belongs to the scope of the present invention. Regarding the recording medium on which the program is recorded, the above-mentioned processing becomes possible by causing a computer to read and execute the program on the recording medium.

Here, the computer-readable recording medium refers to a recording medium that stores information such as data and programs by electrical, magnetic, optical, mechanical, or chemical action and can be read by a computer. Among such recording media, those that can be removed from the computer include flexible disks, magneto-optical disks, optical disks, magnetic tapes, and memory cards. Furthermore, examples of recording media fixed to the computer include a hard disk drive, ROM, and the like.

1: Network system 2: Distribution server 21: Communication I/F
22: Storage device 23: Input/output device 24: Processor 241: Distribution control unit 242: Key management unit 25: Bus 3: Distribution server 31: Communication I/F
32: Storage device 33: Input/output device 34: Processor 341: Cache management section 342: Distribution management section 35: Bus 4: Terminal 41: Communication I/F
42: Storage device 43: Input/output device 44: Processor 441: Request processing unit 442: Decryption processing unit 45: Bus

Claims (6)

A network system including a distribution server that distributes a data file, a cache server that caches the data file, and a terminal that receives the data file,
The distribution server is
a distribution control unit that, when receiving a data file transmission request from the terminal, transmits identification information associated with the requested data file to the terminal;
a key management unit that transmits a key for decrypting an encrypted data file to the terminal;
The cache server is
When receiving a request to transmit a data file including the identification information from the terminal, if the data file is cached in a storage device in association with the requested identification information, transmitting the data file to the terminal; a cache management unit that receives the encrypted data file from the distribution server and stores it in the storage device when the data file is not cached in the storage device in association with the requested identification information ;
The distribution server and the terminal establish a session for encrypted communication in a process performed by the distribution control unit, and restart the session in a process performed by the key management unit.
network system. The network system according to claim 1, wherein the identification information is a value calculated from a data file associated with the identification information or a network address of the data file using a predetermined one-way function. The network system according to claim 1 or 2, wherein the distribution server, the cache server, and the terminal perform encrypted communication with each other. A cache server that distributes a data file and caches the data file, and a distribution server that communicates with a terminal that receives the data file,
When a data file transmission request is received from the terminal, identification information associated with the requested data file is transmitted to the terminal, and a data file transmission request including the identification information is received from the cache server. a distribution control unit that transmits the encrypted data file to the cache server;
a key management unit that transmits a key for decrypting an encrypted data file to the terminal ;
Establishing a session with the terminal for encrypted communication in a process performed by the distribution control unit, and restarting the session in a process performed by the key management unit.
Distribution server. A distribution method executed by a cache server that distributes a data file and caches the data file, and a distribution server that communicates with a terminal that receives the data file, the method comprising:
When a data file transmission request is received from the terminal, identification information associated with the requested data file is transmitted to the terminal, and a data file transmission request including the identification information is received from the cache server. a first step of transmitting the encrypted data file to the cache server;
a second step of transmitting a key for decrypting the encrypted data file to the terminal;
including;
A session for performing encrypted communication is established with the terminal in the first step, and the session is restarted in the second step.
Delivery method. A distribution program executed by a cache server that distributes a data file and caches the data file, and a distribution server that communicates with a terminal that receives the data file,
When a data file transmission request is received from the terminal, identification information associated with the requested data file is transmitted to the terminal, and a data file transmission request including the identification information is received from the cache server. a first step of transmitting the encrypted data file to the cache server;
a second step of transmitting a key for decrypting the encrypted data file to the terminal;
In addition to having the distribution server execute
causing the distribution server to establish a session for performing encrypted communication with the terminal in the first step, and restarting the session in the second step.
Delivery program.

Images