KR20160131622A - Personal information transfer system - Google Patents
Personal information transfer system Download PDFInfo
- Publication number
- KR20160131622A KR20160131622A KR1020150064464A KR20150064464A KR20160131622A KR 20160131622 A KR20160131622 A KR 20160131622A KR 1020150064464 A KR1020150064464 A KR 1020150064464A KR 20150064464 A KR20150064464 A KR 20150064464A KR 20160131622 A KR20160131622 A KR 20160131622A
- Authority
- KR
- South Korea
- Prior art keywords
- personal information
- token
- stored
- encrypted
- file
- Prior art date
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/02—Standardisation; Integration
- H04L41/024—Standardisation; Integration using relational databases for representation of network management data, e.g. managing via structured query language [SQL]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Medical Informatics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Storage Device Security (AREA)
Abstract
Description
BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a personal information transfer system, and more particularly, to a system capable of encrypting and transferring secure personal information to a NoSQL database securely.
Recently, as the collection and use of personal information become more and more common, the scope of collecting personal information is greatly increasing. In addition, due to the leakage of personal information, it is required to encrypt and store the personal information in order to prevent leakage of the personal information.
However, as the number of users increases, data processing speed and data processing capacity are limited to encrypt and store vast amounts of personal information using a general RDBMS (Relational Data Base Management System).
Accordingly, it is an object of the present invention to provide a personal information transfer system capable of safely transferring a large amount of stored personal information to a NoSQL database implemented in a cluster form.
In order to accomplish one object of the present invention, a personal information transfer system according to an embodiment of the present invention encrypts personal information of a plurality of users stored in a original SAM (Sequential Access Method) file and transfers the personal information to a NoSQL database. The personal information transfer system includes a main server, a token server, and a NoSQL database. The main server reads the personal information from the original SAM file and selectively outputs the personal information to be encrypted from the personal information based on the encryption information stored in the configuration file. The token server receives the encryption target personal information from the main server, generates tokens mapped on a one-to-one basis with each of the encryption target personal information and having a text format having the same length as each of the encryption target personal information To the main server. The main server replaces the encryption target personal information with the tokens in the read personal information to generate token personal information of each of the plurality of users, and stores the token personal information in the same format as the original SAM file And stores the token private information stored in the token SAM file in the NoSQL database on a row-by-row basis.
In one embodiment, the NoSQL database may be HBASE operating on an HDFS (HADOOP Distributed File System).
The original SAM file stores first through n-th personal information corresponding to each of the plurality of users in units of rows, and the first through n-th personal information are stored in first through n-th columns of the original SAM file And the encryption information stored in the configuration file may include an encryption column number corresponding to a number of a column to be encrypted among the first to nth columns.
The main server reads out the first to n-th personal information of each of the plurality of users stored in the original SAM file, and stores the first to n-th personal information in a column corresponding to the encrypted column number Providing personal information to the token server as the encryption target personal information, replacing the encryption target personal information among the first to n < th > personal information with the tokens received from the token server, N token personal information of the first to n-th token personal information, and storing the first to n-th token personal information as the token SAM file, and generating a personal information table in the HBASE, The first to n-th token private information is read in units of rows and stored in a put object, And storing the first to n-th token personal information corresponding to the foot object in the personal information table using a Put function.
Wherein the encrypting unit reads the first to n-th personal information stored in the original SAM file in row units and sequentially stores the read first to n-th personal information in a first array, and each time the size of the first array reaches a predetermined first size, Wherein the first array is stored in a first array and the first to nth pieces of personal information are read out in rows from the original SAM file sequentially in a new first array, The encryption thread reads the personal information stored in the column corresponding to the encrypted column number among the first to nth personal information stored in the first array and stores the read personal information in the second array as the encryption target personal information, Providing an array to the token server, storing the tokens provided from the token server in a third array, And a fourth arrangement including the first to n-th token personal information of each of the plurality of users by replacing the encryption target personal information among the stored first to n-th personal information with the tokens stored in the third arrangement And write the first to n-th token personal information stored in the fourth array into the token SAM file.
When a plurality of the encryption threads are generated, each of the encryption threads writes the first to n-th token personal information stored in the fourth array into the token SAM file after all the encryption threads generated first are all terminated .
The transfer unit sets names of column qualifiers to be stored in each of the first to n-th token personal information stored in the token SAM file in the personal information table, Each time the n-th token personal information is read in row units, a HashMap type input object is created, and the read first to n-th token personal information is associated with the names of the corresponding column qualifiers, Each time the number of input objects generated reaches a predetermined foot size, a transfer thread is created to provide the input objects to the escape thread, and the escape thread receives the input The first to n-th objects stored in a key / value format in each of the input objects, Storing the personal information in a corresponding put object and storing the first to nth token personal information stored in the foot objects in the personal information table using a Put function provided by the HBASE have.
The personal information transfer system according to the embodiments of the present invention can store encrypted personal information in a table of the same type and the same size as the table in which the original personal information can be stored, The personal information providing service can be provided at a high speed and the risk of data loss due to a defect in the physical device storing the personal information can be effectively reduced.
1 is a block diagram illustrating a personal information transfer system according to an embodiment of the present invention.
FIG. 2 is a diagram showing an example of a text SAM file included in the personal information transfer system of FIG. 1; FIG.
3 is a diagram showing an example of a configuration file included in the personal information transfer system of FIG.
4 is a diagram showing an example of a token SAM file generated by the personal information transfer system of FIG.
5 is a block diagram showing an example of a main server included in the personal information transfer system of FIG.
6 is a flowchart showing an example of the operation of the encryption unit included in the main server of FIG.
7 is a flowchart showing an example of the operation of the cryptographic thread generated by the encryption unit included in the main server of Fig.
8 is a flowchart showing an example of the operation of the return pipe included in the main server of Fig.
9 is a diagram illustrating an example of an input object generated by a relay unit included in the main server of FIG.
10 is a flowchart showing an example of an operation of a transfer thread generated by a transfer unit included in the main server of FIG.
11 is a view showing an example of a foot object generated by a relay unit included in the main server of FIG.
For the embodiments of the invention disclosed herein, specific structural and functional descriptions are set forth for the purpose of describing an embodiment of the invention only, and it is to be understood that the embodiments of the invention may be practiced in various forms, The present invention should not be construed as limited to the embodiments described in Figs.
The present invention is capable of various modifications and various forms, and specific embodiments are illustrated in the drawings and described in detail in the text. It is to be understood, however, that the invention is not intended to be limited to the particular forms disclosed, but on the contrary, is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.
The terms first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The terms may be used for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.
It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.
The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprise", "having", and the like are intended to specify the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, , Steps, operations, components, parts, or combinations thereof, as a matter of principle.
Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be construed as meaning consistent with meaning in the context of the relevant art and are not to be construed as ideal or overly formal in meaning unless expressly defined in the present application .
Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.
1 is a block diagram illustrating a personal information transfer system according to an embodiment of the present invention.
Referring to FIG. 1, the personal
The personal
Specifically, the
In one embodiment, the
FIG. 2 is a diagram showing an example of a text SAM file included in the personal information transfer system of FIG. 1; FIG.
In one embodiment, the
The
Also, the names of the first to n-th personal information may be stored in the first row of the
In FIG. 2, each of the first through n-th columns is shown as being separated by ", ", but each of the first through n-th columns may be distinguished through different predetermined delimiters.
3 is a diagram showing an example of a configuration file included in the personal information transfer system of FIG.
3, the
Encryption information (ENCRYPTION COLUMN) encrypts the encrypted column number corresponding to the number of the column to be encrypted among the first to nth columns of the
3, the name (TABLE) of the personal information table is "ABC", the name (COLUMN FAMILY) of the column family of the personal information table is "PI" The column (ROW KEY COLUMN) to be the row key of the information table indicates that it is the first column corresponding to "UID ".
3, the
2 and 3, when the
Referring back to FIG. 1, the
When the
The
4 is a diagram showing an example of a token SAM file generated by the personal information transfer system of FIG.
When the original SAM file 102 and the
After generating the token SAM file 103, the
In one embodiment, the
Hereinafter, it is described that the
5 is a block diagram showing an example of a main server included in the personal information transfer system of FIG.
Referring to FIG. 5, the
The
6 is a flowchart showing an example of the operation of the encryption unit included in the main server of FIG.
Hereinafter, the operation of the
The
Then, the
6, the encrypting
The
If the size of the first array does not reach the first size (step S150: NO), the
On the other hand, if the size of the first array reaches the first size (step S150; YES), the
The encrypting
If the size of the first array reaches the first size (step S150; YES), the
On the other hand, if all the rows of the original SAM file 102 have been read (step S130; YES), the
7 is a flowchart showing an example of the operation of the cryptographic thread generated by the encryption unit included in the main server of Fig.
Referring to FIG. 7, the cryptographic thread includes a column corresponding to the encryption column number stored in the
The encryption thread stores the tokens (TKS) received from the
As described above with reference to FIG. 6, the
As described above with reference to FIG. 7, each of the cryptographic threads writes the first to n-th token personal information stored in each of the fourth arrays in the token SAM file 103 The token SAM file 103 writes the first to n-th token personal information stored in the fourth arrangement provided to the token SAM file 103 to the token SAM file 103, And may store the first to n-th token personal information corresponding to each of the plurality of users in the same order as the first to n-th personal information corresponding to each of the plurality of users.
Referring again to FIG. 5, the
8 is a flowchart showing an example of the operation of the return pipe included in the main server of Fig.
Hereinafter, the operation of the
The
Then, the
Specifically, referring to FIG. 8, the
If all the rows of the token SAM file 103 have not been read out (step S330: No), the
9 is a diagram illustrating an example of an input object generated by a relay unit included in the main server of FIG.
The input object INPUTKV of the HashMap type shown in FIG. 9 is illustratively shown storing the first to third token private information corresponding to the first user stored in the token SAM file 103 of FIG.
As shown in FIG. 9, the input object INPUTKV may store each of the first to n-th token personal information in a key / value format in association with the names of the corresponding column qualifiers.
Referring again to FIG. 8, the
Thereafter, the
If the size of the fifth array does not reach the foot size (step S360: No), the
On the other hand, if the size of the fifth array has reached the foot size (step S360; YES), the
Thereafter, the
Also, if the size of the fifth array has reached the foot size (step S360; YES), the
On the other hand, if all the rows of the token SAM file 103 have been read (step S330; YES), the
10 is a flowchart showing an example of an operation of a transfer thread generated by a transfer unit included in the main server of FIG.
10, the escape thread determines whether the personal information table corresponding to the name (TABLE) of the personal information table stored in the
Thereafter, the escape thread generates a put object PUT_O of the put type provided by the
11 is a view showing an example of a foot object generated by a relay unit included in the main server of FIG.
The foot-type put object PUT_O shown in FIG. 11 is illustratively shown storing the first to third token personal information corresponding to the first user stored in the input object INPUTKV of FIG.
As described above with reference to FIG. 3, the personal information table has the first column corresponding to the user's ID (UID) as a low key, and the name of the column family of the personal information table (COLUMN FAMILY) Respectively.
11, the escape thread stores "ake" corresponding to the "UID" of the input object INPUTKV in the row key area of the foot object PUT_O, (INPUTKV) in the column qualifier area of the foot object PUT_O is stored as a key / value format in the input object (INPUTKV) of Fig. 9 in the column area of the foot object PUT_O, And sequentially store the first to third token personal information and the corresponding column qualifier names stored in the memory.
Referring again to FIG. 10, the escape thread generates a foot object PUT_O corresponding to each of the input objects included in the fifth array provided from the
1 to 11, the personal
In addition, the personal
The personal information transfer system according to the embodiments of the present invention can be useful for encrypting a large amount of accumulated personal information and safely transferring it to the NoSQL database.
Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims. It will be understood that the invention may be modified and varied without departing from the scope of the invention.
10: personal information transfer system 100: main server
110: encryption unit 120:
200: Token Server 300: NoSQL Database
Claims (7)
A main server for reading the personal information from the original SAM file and selectively outputting personal information to be encrypted among the personal information based on the encryption information stored in the configuration file;
To-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be- Providing token server; And
Including the NoSQL database,
The main server replaces the encryption target personal information with the tokens in the read personal information to generate token personal information of each of the plurality of users, and stores the token personal information in the same format as the original SAM file And storing the token private information stored in the token SAM file in the NoSQL database on a row-by-row basis.
Wherein the encryption information stored in the configuration file includes an encryption column number corresponding to a number of a column to be encrypted among the first to nth columns.
Reads the first to n-th personal information of each of the plurality of users stored in the original SAM file, and stores the personal information stored in the column corresponding to the encrypted column number among the first to n-th personal information, And tokens of the first to n-th pieces of personal information are replaced with the tokens received from the token server, thereby providing first to n-th pieces of personal information to the token server, n token private information, and storing the first to n-th token personal information as the token SAM file; And
The first to n-th token private information stored in the token SAM file is read in row units and stored in a put object, and a Put function And a transfer unit for storing the first to n-th token personal information corresponding to the foot object in the personal information table using the personal information transfer system.
The encryption thread reads personal information stored in a column corresponding to the encrypted column number among the first to nth personal information stored in the first array and stores the personal information in the second array as the encryption target personal information, 2 to the token server, storing the tokens provided from the token server in a third array, and transmitting the to-be-encrypted personal information from the first to the n-th personal information to the token server, Th token personal information stored in the fourth array, replacing the tokens stored in the fourth array with the tokens stored in the fourth array, and generating a fourth array including the first to n-th token personal information of each of the plurality of users, To the token SAM file.
Wherein the escape thread generates the put objects corresponding to the input objects and stores the first to nth token personal information stored in the key / value format in each of the input objects into a corresponding put object And stores the first to n-th token personal information stored in the foot objects in the personal information table using a Put function provided by the HBASE.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150064464A KR101728878B1 (en) | 2015-05-08 | 2015-05-08 | Personal information transfer system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
KR1020150064464A KR101728878B1 (en) | 2015-05-08 | 2015-05-08 | Personal information transfer system |
Publications (2)
Publication Number | Publication Date |
---|---|
KR20160131622A true KR20160131622A (en) | 2016-11-16 |
KR101728878B1 KR101728878B1 (en) | 2017-05-02 |
Family
ID=57541221
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
KR1020150064464A KR101728878B1 (en) | 2015-05-08 | 2015-05-08 | Personal information transfer system |
Country Status (1)
Country | Link |
---|---|
KR (1) | KR101728878B1 (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020086197A1 (en) * | 2018-10-25 | 2020-04-30 | Mastercard International Incorporated | Asymmetric encryption scheme for secure data transmission |
KR102270896B1 (en) * | 2020-01-06 | 2021-06-30 | 주식회사 아미크 | Method and system for archiving data based on data de-identification |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
AU2011354630C1 (en) * | 2011-01-12 | 2016-03-24 | Virtru Corporation | Methods and systems for distributing cryptographic data to authenticated recipients |
KR101330072B1 (en) * | 2013-07-12 | 2013-11-18 | (주)아울시스템즈 | Method and system for restoring data in database |
KR101428648B1 (en) * | 2014-01-29 | 2014-08-13 | (주)케이사인 | Method of block token-based encryption and method of block token-based decryption |
KR101428649B1 (en) * | 2014-03-07 | 2014-08-13 | (주)케이사인 | Encryption system for mass private information based on map reduce and operating method for the same |
-
2015
- 2015-05-08 KR KR1020150064464A patent/KR101728878B1/en active IP Right Grant
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2020086197A1 (en) * | 2018-10-25 | 2020-04-30 | Mastercard International Incorporated | Asymmetric encryption scheme for secure data transmission |
KR102270896B1 (en) * | 2020-01-06 | 2021-06-30 | 주식회사 아미크 | Method and system for archiving data based on data de-identification |
KR20210088419A (en) * | 2020-01-06 | 2021-07-14 | 주식회사 아미크 | Method and system for archiving data for minimizing cost of data transmission and inquiry |
Also Published As
Publication number | Publication date |
---|---|
KR101728878B1 (en) | 2017-05-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108932297B (en) | Data query method, data sharing method, device and equipment | |
US9720943B2 (en) | Columnar table data protection | |
US10541983B1 (en) | Secure storage and searching of information maintained on search systems | |
US8516271B2 (en) | Securing non-volatile memory regions | |
KR101371608B1 (en) | Database Management System and Encrypting Method thereof | |
CN111539813A (en) | Method, device, equipment and system for backtracking processing of business behaviors | |
US8874932B2 (en) | Method for order invariant correlated encrypting of data and SQL queries for maintaining data privacy and securely resolving customer defects | |
CN102855448B (en) | A kind of Field-level database encryption device | |
JP2005505069A5 (en) | ||
US8769302B2 (en) | Encrypting data and characterization data that describes valid contents of a column | |
US20180246677A1 (en) | Data randomization for flash memory | |
US20170279786A1 (en) | Systems and methods to protect sensitive information in data exchange and aggregation | |
CN106815528A (en) | A kind of file management method and device, storage device | |
Wang et al. | ReRAM-based processing-in-memory architecture for blockchain platforms | |
CN105279198A (en) | Data table storage method, data table modification method, data table query method and data table statistical method | |
CN111726230A (en) | Data storage method, data recovery method, device and equipment | |
JP2018160129A (en) | Data generation program, data generation method, and data generation apparatus | |
JP6605746B2 (en) | Secret coupling system, secret coupling apparatus, secret coupling method, program | |
KR101728878B1 (en) | Personal information transfer system | |
KR101428649B1 (en) | Encryption system for mass private information based on map reduce and operating method for the same | |
JP5480828B2 (en) | Secret sort system, secret sort device, secret sort method, secret sort program | |
CN101908361B (en) | Method for hiding private information of U disk | |
Vershinin et al. | Associative steganography of text messages | |
CN111368316B (en) | File encryption and decryption method and device | |
Sreelaja et al. | An image edge based approach for image password encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A201 | Request for examination | ||
E902 | Notification of reason for refusal | ||
E701 | Decision to grant or registration of patent right |