KR20160131622A - Personal information transfer system - Google Patents

Personal information transfer system Download PDF

Info

Publication number
KR20160131622A
KR20160131622A KR1020150064464A KR20150064464A KR20160131622A KR 20160131622 A KR20160131622 A KR 20160131622A KR 1020150064464 A KR1020150064464 A KR 1020150064464A KR 20150064464 A KR20150064464 A KR 20150064464A KR 20160131622 A KR20160131622 A KR 20160131622A
Authority
KR
South Korea
Prior art keywords
personal information
token
stored
encrypted
file
Prior art date
Application number
KR1020150064464A
Other languages
Korean (ko)
Other versions
KR101728878B1 (en
Inventor
김현욱
박준형
Original Assignee
(주)케이사인
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by (주)케이사인 filed Critical (주)케이사인
Priority to KR1020150064464A priority Critical patent/KR101728878B1/en
Publication of KR20160131622A publication Critical patent/KR20160131622A/en
Application granted granted Critical
Publication of KR101728878B1 publication Critical patent/KR101728878B1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/02Standardisation; Integration
    • H04L41/024Standardisation; Integration using relational databases for representation of network management data, e.g. managing via structured query language [SQL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Medical Informatics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)

Abstract

A personal information transfer system encodes personal information of a plurality of users, which is stored in an original SAM file to transfer the personal information to an NoSQL database. The personal information transfer system includes a main server, a token server, and an NoSQL database. The main server reads personal information from an original SAM file, and selectively outputs encryption target personal information from the personal information, based on the encryption information stored in a set file. The token server receives encryption target personal information from the main server, is mapped with the encryption target personal information in one-to-one correspondence, and generates tokens having the same length as the encryption target personal information and having a text format to provide the tokens to the main server. The main server generates token personal information of the plurality of users by replacing encryption target personal information, of the read personal information, by tokens, stores the token personal information as a token SAM file having the same format as that of the original SAM file, and stores token personal information stored in the token SAM file in an NoSQL database in a low unit. According to the present invention, encrypted personal information may be stored in a table having the same type and size as those of the table in which the personal information may be stored.

Description

{PERSONAL INFORMATION TRANSFER SYSTEM}

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a personal information transfer system, and more particularly, to a system capable of encrypting and transferring secure personal information to a NoSQL database securely.

Recently, as the collection and use of personal information become more and more common, the scope of collecting personal information is greatly increasing. In addition, due to the leakage of personal information, it is required to encrypt and store the personal information in order to prevent leakage of the personal information.

However, as the number of users increases, data processing speed and data processing capacity are limited to encrypt and store vast amounts of personal information using a general RDBMS (Relational Data Base Management System).

Accordingly, it is an object of the present invention to provide a personal information transfer system capable of safely transferring a large amount of stored personal information to a NoSQL database implemented in a cluster form.

In order to accomplish one object of the present invention, a personal information transfer system according to an embodiment of the present invention encrypts personal information of a plurality of users stored in a original SAM (Sequential Access Method) file and transfers the personal information to a NoSQL database. The personal information transfer system includes a main server, a token server, and a NoSQL database. The main server reads the personal information from the original SAM file and selectively outputs the personal information to be encrypted from the personal information based on the encryption information stored in the configuration file. The token server receives the encryption target personal information from the main server, generates tokens mapped on a one-to-one basis with each of the encryption target personal information and having a text format having the same length as each of the encryption target personal information To the main server. The main server replaces the encryption target personal information with the tokens in the read personal information to generate token personal information of each of the plurality of users, and stores the token personal information in the same format as the original SAM file And stores the token private information stored in the token SAM file in the NoSQL database on a row-by-row basis.

In one embodiment, the NoSQL database may be HBASE operating on an HDFS (HADOOP Distributed File System).

The original SAM file stores first through n-th personal information corresponding to each of the plurality of users in units of rows, and the first through n-th personal information are stored in first through n-th columns of the original SAM file And the encryption information stored in the configuration file may include an encryption column number corresponding to a number of a column to be encrypted among the first to nth columns.

The main server reads out the first to n-th personal information of each of the plurality of users stored in the original SAM file, and stores the first to n-th personal information in a column corresponding to the encrypted column number Providing personal information to the token server as the encryption target personal information, replacing the encryption target personal information among the first to n < th > personal information with the tokens received from the token server, N token personal information of the first to n-th token personal information, and storing the first to n-th token personal information as the token SAM file, and generating a personal information table in the HBASE, The first to n-th token private information is read in units of rows and stored in a put object, And storing the first to n-th token personal information corresponding to the foot object in the personal information table using a Put function.

Wherein the encrypting unit reads the first to n-th personal information stored in the original SAM file in row units and sequentially stores the read first to n-th personal information in a first array, and each time the size of the first array reaches a predetermined first size, Wherein the first array is stored in a first array and the first to nth pieces of personal information are read out in rows from the original SAM file sequentially in a new first array, The encryption thread reads the personal information stored in the column corresponding to the encrypted column number among the first to nth personal information stored in the first array and stores the read personal information in the second array as the encryption target personal information, Providing an array to the token server, storing the tokens provided from the token server in a third array, And a fourth arrangement including the first to n-th token personal information of each of the plurality of users by replacing the encryption target personal information among the stored first to n-th personal information with the tokens stored in the third arrangement And write the first to n-th token personal information stored in the fourth array into the token SAM file.

When a plurality of the encryption threads are generated, each of the encryption threads writes the first to n-th token personal information stored in the fourth array into the token SAM file after all the encryption threads generated first are all terminated .

The transfer unit sets names of column qualifiers to be stored in each of the first to n-th token personal information stored in the token SAM file in the personal information table, Each time the n-th token personal information is read in row units, a HashMap type input object is created, and the read first to n-th token personal information is associated with the names of the corresponding column qualifiers, Each time the number of input objects generated reaches a predetermined foot size, a transfer thread is created to provide the input objects to the escape thread, and the escape thread receives the input The first to n-th objects stored in a key / value format in each of the input objects, Storing the personal information in a corresponding put object and storing the first to nth token personal information stored in the foot objects in the personal information table using a Put function provided by the HBASE have.

The personal information transfer system according to the embodiments of the present invention can store encrypted personal information in a table of the same type and the same size as the table in which the original personal information can be stored, The personal information providing service can be provided at a high speed and the risk of data loss due to a defect in the physical device storing the personal information can be effectively reduced.

1 is a block diagram illustrating a personal information transfer system according to an embodiment of the present invention.
FIG. 2 is a diagram showing an example of a text SAM file included in the personal information transfer system of FIG. 1; FIG.
3 is a diagram showing an example of a configuration file included in the personal information transfer system of FIG.
4 is a diagram showing an example of a token SAM file generated by the personal information transfer system of FIG.
5 is a block diagram showing an example of a main server included in the personal information transfer system of FIG.
6 is a flowchart showing an example of the operation of the encryption unit included in the main server of FIG.
7 is a flowchart showing an example of the operation of the cryptographic thread generated by the encryption unit included in the main server of Fig.
8 is a flowchart showing an example of the operation of the return pipe included in the main server of Fig.
9 is a diagram illustrating an example of an input object generated by a relay unit included in the main server of FIG.
10 is a flowchart showing an example of an operation of a transfer thread generated by a transfer unit included in the main server of FIG.
11 is a view showing an example of a foot object generated by a relay unit included in the main server of FIG.

For the embodiments of the invention disclosed herein, specific structural and functional descriptions are set forth for the purpose of describing an embodiment of the invention only, and it is to be understood that the embodiments of the invention may be practiced in various forms, The present invention should not be construed as limited to the embodiments described in Figs.

The present invention is capable of various modifications and various forms, and specific embodiments are illustrated in the drawings and described in detail in the text. It is to be understood, however, that the invention is not intended to be limited to the particular forms disclosed, but on the contrary, is intended to cover all modifications, equivalents, and alternatives falling within the spirit and scope of the invention.

The terms first, second, etc. may be used to describe various components, but the components should not be limited by the terms. The terms may be used for the purpose of distinguishing one component from another. For example, without departing from the scope of the present invention, the first component may be referred to as a second component, and similarly, the second component may also be referred to as a first component.

It is to be understood that when an element is referred to as being "connected" or "connected" to another element, it may be directly connected or connected to the other element, . On the other hand, when an element is referred to as being "directly connected" or "directly connected" to another element, it should be understood that there are no other elements in between. Other expressions that describe the relationship between components, such as "between" and "between" or "neighboring to" and "directly adjacent to" should be interpreted as well.

The terminology used in this application is used only to describe a specific embodiment and is not intended to limit the invention. The singular expressions include plural expressions unless the context clearly dictates otherwise. In the present application, the terms "comprise", "having", and the like are intended to specify the presence of stated features, integers, steps, operations, elements, components, or combinations thereof, , Steps, operations, components, parts, or combinations thereof, as a matter of principle.

Unless otherwise defined, all terms used herein, including technical or scientific terms, have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs. Terms such as those defined in commonly used dictionaries should be construed as meaning consistent with meaning in the context of the relevant art and are not to be construed as ideal or overly formal in meaning unless expressly defined in the present application .

Hereinafter, preferred embodiments of the present invention will be described in detail with reference to the accompanying drawings. The same reference numerals are used for the same constituent elements in the drawings and redundant explanations for the same constituent elements are omitted.

1 is a block diagram illustrating a personal information transfer system according to an embodiment of the present invention.

Referring to FIG. 1, the personal information transfer system 10 includes a main server 100, a token server 200, and a NoSQL database 300.

The personal information transfer system 10 encrypts personal information of a plurality of users stored in the original PS (Sequential Access Method) file (SAM) 102 and transfers the personal information to the NoSQL database 300.

Specifically, the main server 100 reads the personal information from the original SAM file 102, and reads the read personal information based on the encryption information stored in the configuration file (CFG_F) EI) and non-encrypted subject personal information (UEI).

In one embodiment, the original SAM file 102 may be generated based on the personal information of the plurality of users stored in a relational data base management system (RDBMS) located outside the personal information transfer system 10 have.

FIG. 2 is a diagram showing an example of a text SAM file included in the personal information transfer system of FIG. 1; FIG.

In one embodiment, the original SAM file 102 stores first through n-th personal information corresponding to each of the plurality of users on a row-by-row basis, May be stored in the first to nth columns of the file 102, respectively.

The original SAM file 102 shown in FIG. 2 illustratively includes first through third columns, wherein the first personal information stored in the first column represents the user's ID (UID), and stored in the second column The second personal information indicating the user's telephone number (TEL), and the third personal information stored in the third column indicates the user's social security number (JM).

Also, the names of the first to n-th personal information may be stored in the first row of the original SAM file 102.

In FIG. 2, each of the first through n-th columns is shown as being separated by ", ", but each of the first through n-th columns may be distinguished through different predetermined delimiters.

3 is a diagram showing an example of a configuration file included in the personal information transfer system of FIG.

3, the configuration file 101 includes encryption information (ENCRYPTION column), a name of a personal information table to encrypt and store the personal information stored in the original SAM file 102 (TABLE), a column family (ROW KEY COLUMN) for the column to be a row key of the personal information table.

Encryption information (ENCRYPTION COLUMN) encrypts the encrypted column number corresponding to the number of the column to be encrypted among the first to nth columns of the original SAM file 102 and the private information corresponding to the encrypted column number You can include the encryption policy to use. In one embodiment, the encryption policy may indicate how many characters of the corresponding personal information should be encrypted. For example, in the case of the configuration file 101 shown in FIG. 3, it is indicated that the third personal information corresponding to the third column of the original SAM file 102 should be encrypted according to a security policy of "P001" . In the present specification, it is described that the security policy "P001" indicates that the last seven digits of the corresponding personal information should be encrypted.

3, the name (TABLE) of the personal information table is "ABC", the name (COLUMN FAMILY) of the column family of the personal information table is "PI" The column (ROW KEY COLUMN) to be the row key of the information table indicates that it is the first column corresponding to "UID ".

3, the setting file 101 includes the encryption information ENCRYPTION column, the name of the personal information table TABLE, the name of the column family of the personal information table COLUMN FAMILY, and the row key of the personal information table (ENCRYPTION COLUMN) is stored in the first configuration file, and the name of the personal information table (TABLE), the ID of the individual The name of the column family of the information table (COLUMN FAMILY) and the information about the column to be the row key of the personal information table (ROW KEY COLUMN) may be separately stored in the second setting file.

2 and 3, when the original SAM file 102 and the configuration file 101 included in the personal information transfer system 10 of FIG. 1 are respectively as shown in FIGS. 2 and 3, Reads out the first to n-th pieces of personal information, determines the third piece of personal information indicating the user's resident number as the to-be-encrypted personal information (EI) from among the first to n-th piece of personal information, The first and second personal information indicating the user's telephone number can be determined as the non-encryption subject personal information UEI.

Referring back to FIG. 1, the main server 100 provides the personal information EI to be encrypted to the token server 200. At this time, the main server 100 may provide the token server 200 with the encryption policy corresponding to the personal information EI to be encrypted together with the personal information EI to be encrypted.

When the token server 200 receives the encryption target personal information EI and the encryption policy from the main server 100, the token server 200 encrypts each of the encryption target personal information EI based on the encryption policy, And generates tokens (TKS) mapped on a one-to-one basis with each of the pieces of information EI to provide them to the main server 100. The tokens (TKS) mapped on a one-to-one basis with each of the encryption target personal information EI have the same length as each encryption target personal information EI and can have a text format. For example, if the encryption policy is "P001 ", the token server 200 encrypts the last seven digits of the third personal information corresponding to the encrypted personal information EI to generate tokens (TKS) can do.

The main server 100 replaces the personal information EI to be encrypted with the tokens TKS received from the token server 200 in the read personal information to generate token private information of each of the plurality of users do. Thus, the token personal information of each of the plurality of users may include non-encryption subject personal information UEI and tokens TKS. The main server 100 stores the token personal information of each of the plurality of users as a token SAM file (TSAM) 103 having the same format as the original SAM file 102. [

4 is a diagram showing an example of a token SAM file generated by the personal information transfer system of FIG.

When the original SAM file 102 and the configuration file 101 included in the personal information transfer system 10 of Fig. 1 are respectively as shown in Figs. 2 and 3, the token SAM file 103, as shown in Fig. 4, The third personal information corresponding to the encrypted column number stored in the configuration file 101 in the original SAM file 102 may be replaced with the tokens TKS received from the token server 200. [

After generating the token SAM file 103, the main server 100 creates a personal information table having a name corresponding to the name (TABLE) of the personal information table stored in the configuration file 101 in the NoSQL database 300 And stores the token personal information of each of the plurality of users stored in the token SAM file 103 in the personal information table in a row unit.

In one embodiment, the NoSQL database 300 may be HBASE operating on an HDFS (HADOOP Distributed File System).

Hereinafter, it is described that the NoSQL database 300 is HBASE.

5 is a block diagram showing an example of a main server included in the personal information transfer system of FIG.

Referring to FIG. 5, the main server 100 may include an encryption unit 110 and a relay unit 120.

The encryption unit 110 reads out the first to n-th personal information of each of the plurality of users stored in the original SAM file 102, and stores the first to n-th personal information stored in the configuration file 101 The personal information stored in the column corresponding to the encrypted column number is provided to the token server 200 as the encryption target personal information EI, and the encryption target personal information EI among the first to n < th > Nth token personal information of each of the plurality of users by substituting the tokens (TKS) received from the token server 200, and transmits the first to n-th token personal information to the token SAM file 103).

6 is a flowchart showing an example of the operation of the encryption unit included in the main server of FIG.

Hereinafter, the operation of the encryption unit 110 will be described in detail with reference to FIGS.

The encryption unit 110 can read the first row of the original SAM file 102 and write it to the token SAM file 103 (step S110). Thus, the name of each of the first through n-th personal information stored in the first row of the original SAM file 102 may be stored in the first row of the token SAM file 103.

Then, the encryption unit 110 reads the first to n-th personal information stored in the original SAM file 102 in row units and sequentially stores the first to n-th personal information in a first array, and the size of the first array is a predetermined first Each of which is read out in a row unit from the original SAM file (102) into a new first array, and a second array, n Personal information can be stored sequentially.

6, the encrypting unit 110 may generate a first array (step S120) and determine whether all the rows of the original SAM file 102 have been read (step S130).

The encryption unit 110 reads the first through n-th personal information stored in the next row of the original SAM file 102 (step S130: NO) (Step S140) and determine whether the size of the first array has reached the first size (step S150).

If the size of the first array does not reach the first size (step S150: NO), the encryption unit 110 deletes the original SAM file ( (Step S130), and if all the rows of the original SAM file 102 have not been read (step S130: No), it is determined whether all the rows of the original SAM file 102 have been read It is possible to repeatedly perform the operation of reading the first to n-th personal information and adding it to the first arrangement (step S140).

On the other hand, if the size of the first array reaches the first size (step S150; YES), the encryption unit 110 may generate the encryption thread and provide the first array to the encryption thread S160). The detailed operation of the encryption thread will be described later with reference to FIG.

The encrypting unit 110 then creates a new first array (step S120) and stores all the rows of the original SAM file 102 until the size of the newly created first array reaches the first size (Step S130). If all the rows of the original SAM file 102 have not been read out (step S130: No), it is judged whether or not the first to nth individuals (Step S140) of reading out the information and adding it to the first array can be repeatedly performed.

If the size of the first array reaches the first size (step S150; YES), the encryption unit 110 generates a new encrypted thread and provides the first array to the newly created encrypted thread (Step S160).

On the other hand, if all the rows of the original SAM file 102 have been read (step S130; YES), the encryption unit 110 determines whether the size of the first array is larger than 0 (step S170) If the size of the array is larger than 0 (step S170; Yes), a new encrypted thread may be created and the first array may be provided to the newly created encrypted thread (step S180). If the size of the first array is 0 (step S170: NO), the encryption unit 110 can terminate without creating a new encrypted thread.

7 is a flowchart showing an example of the operation of the cryptographic thread generated by the encryption unit included in the main server of Fig.

Referring to FIG. 7, the cryptographic thread includes a column corresponding to the encryption column number stored in the configuration file 101, among the first to n-th personal information stored in the first array provided from the encryption unit 110 The stored personal information may be read and stored in the second arrangement as the encrypted personal information EI (step S210). The encryption thread may then provide the second array to the token server 200 (step S220).

The encryption thread stores the tokens (TKS) received from the token server 200 in the third array (step S230), and encrypts the personal information to be encrypted among the first to nth personal information stored in the first array (N) of the plurality of users by replacing the first set of tokens (EI) with the tokens (TKS) stored in the third arrangement (step S240). Thereafter, the cryptographic thread may write the first to n-th token personal information stored in the fourth array into the token SAM file 103.

As described above with reference to FIG. 6, the encryption unit 110 can generate a plurality of the encryption threads. Thus, each of the cryptographic threads may write to the token SAM file 103 all of the first to nth token personal information stored in each of the fourth arrays, (Step S250). If all of the crypto threads generated before the crypto thread are not all terminated (step S250; NO), each of the crypto threads can wait until all the crypto threads generated before the crypto thread are all terminated. If all of the encrypted threads generated before the encryption thread are all terminated (step S250; YES), the encryption threads transmit the first to n-th token personal information stored in the fourth array to the token SAM file 103 (Step S260).

As described above with reference to FIG. 7, each of the cryptographic threads writes the first to n-th token personal information stored in each of the fourth arrays in the token SAM file 103 The token SAM file 103 writes the first to n-th token personal information stored in the fourth arrangement provided to the token SAM file 103 to the token SAM file 103, And may store the first to n-th token personal information corresponding to each of the plurality of users in the same order as the first to n-th personal information corresponding to each of the plurality of users.

Referring again to FIG. 5, the transfer unit 120 stores the name (TABLE) of the personal information table stored in the setting file 101, the name (COLUMN FAMILY) of the column family of the personal information table, Generates the personal information table in the HBASE 300 based on information on the column to be a key (ROW KEY COLUMN), reads the first to n-th token personal information stored in the token SAM file 103 in row units And provides the foot object PUT_O to the HBASE 300 by using a put function provided by the HBASE 300 and stores the put object PUT_O in the put object PUT_O provided by the HBASE 300, (PUT_O) corresponding to the first to n-th token personal information in the personal information table.

8 is a flowchart showing an example of the operation of the return pipe included in the main server of Fig.

Hereinafter, the operation of the pipe section 120 will be described in detail with reference to FIGS.

The transfer unit 120 reads out the first row of the token SAM file 103 and stores the first to nth token personal information in the token SAM file 103 in the personal information table, Names can be set (step S310). For example, if the token SAM file 103 is as shown in FIG. 4, the name of the column qualifier in which the first token private information stored in the token SAM file 103 is to be stored is set to "UID" The name of the column qualifier in which the second token private information stored in the token SAM file 103 is to be stored is set to "TEL " and the name of the column qualifier to be stored in the token SAM file 103 May be set to "JM ".

Then, the transfer unit 120 generates a HashMap type input object each time the first to n-th token personal information is read out from the token SAM file 103 in units of rows, and reads the first to n-th tokens Associating personal information with names of corresponding column qualifiers and storing them in the input object in a key / value format, and each time the number of input objects generated reaches a predetermined foot size, Threads may be created to provide the input objects to the escape thread.

Specifically, referring to FIG. 8, the transfer unit 120 may generate a fifth array (step S320) and determine whether all the rows of the token SAM file 103 have been read (step S330).

If all the rows of the token SAM file 103 have not been read out (step S330: No), the transfer unit 120 reads the first to n-th token personal information stored in the next row of the token SAM file 103 , The input object of the HashMap type may be generated and stored in the input object in a key / value format in association with the names of the corresponding column qualifiers of the read first to nth token private information (step S340) .

9 is a diagram illustrating an example of an input object generated by a relay unit included in the main server of FIG.

The input object INPUTKV of the HashMap type shown in FIG. 9 is illustratively shown storing the first to third token private information corresponding to the first user stored in the token SAM file 103 of FIG.

As shown in FIG. 9, the input object INPUTKV may store each of the first to n-th token personal information in a key / value format in association with the names of the corresponding column qualifiers.

Referring again to FIG. 8, the transfer unit 120 may generate the input object corresponding to one row of the token SAM file 103, and then add the input object to the fifth array (step S350) .

Thereafter, the return pipe section 120 can judge whether or not the size of the fifth arrangement has reached the predetermined foot size (step S360).

If the size of the fifth array does not reach the foot size (step S360: No), the pipe section 120 moves the token SAM file 103 until the size of the fifth array reaches the foot size, (Step S330), and if all the rows of the token SAM file 103 have not been read out (step S330: No), it is determined whether all the rows of the token SAM file 103 have been read To-nth token private information, generates a new input object of the HashMap type, associates the read first to n-th token personal information with names of the corresponding column qualifiers, (Step S340), and adding the input object to the fifth array (step S350).

On the other hand, if the size of the fifth array has reached the foot size (step S360; YES), the transfer unit 120 may generate the transfer thread and provide the fifth array to the transfer thread (step S370 ). The detailed operation of the transfer thread will be described later with reference to FIG.

Thereafter, the transfer unit 120 creates a new fifth array (step S320) and reads all the rows of the token SAM file 103 until the size of the newly created fifth array reaches the foot size (Step S330). If all the rows of the token SAM file 103 have not been read out (step S330: No), the first to n-th token personalities stored in the next row of the token SAM file 103 And generates a new input object of a HashMap type, associates the read first to n-th token private information with the names of the corresponding column qualifiers, (Step S340), and the operation of adding the input object to the fifth array (step S350) may be repeatedly performed.

Also, if the size of the fifth array has reached the foot size (step S360; YES), the transfer unit 120 may generate a new escape thread and provide the fifth array to the newly created escape thread (Step S370).

On the other hand, if all the rows of the token SAM file 103 have been read (step S330; YES), the transfer unit 120 determines whether the size of the fifth array is larger than 0 (step S380) If the size of the array is greater than 0 (step S380; YES), a new escape thread may be created and the fifth array may be provided to the newly created escape thread (step S390). If the size of the fifth array is 0 (step S380: No), the transfer unit 120 may terminate without creating a new escape thread.

10 is a flowchart showing an example of an operation of a transfer thread generated by a transfer unit included in the main server of FIG.

10, the escape thread determines whether the personal information table corresponding to the name (TABLE) of the personal information table stored in the configuration file 101 exists in the HBASE 300 (step S410) If the personal information table corresponding to the name (TABLE) of the personal information table stored in the setting file 101 does not exist in the personal information table 300 (step S410: No), the name of the personal information table stored in the setting file 101 The personal information table is stored in the HBASE 300 on the basis of the table (TABLE), the name of the column family of the personal information table (COLUMN FAMILY), and information on the column to be the row key of the personal information table (ROW KEY COLUMN) (Step S420).

Thereafter, the escape thread generates a put object PUT_O of the put type provided by the HBASE 300 for each of the input objects included in the fifth array provided from the relay unit 120, The first to n-th token personal information stored in the key / value format in each of the input objects included in the fifth arrangement may be stored in the corresponding foot object PUT_O (step S430).

11 is a view showing an example of a foot object generated by a relay unit included in the main server of FIG.

The foot-type put object PUT_O shown in FIG. 11 is illustratively shown storing the first to third token personal information corresponding to the first user stored in the input object INPUTKV of FIG.

As described above with reference to FIG. 3, the personal information table has the first column corresponding to the user's ID (UID) as a low key, and the name of the column family of the personal information table (COLUMN FAMILY) Respectively.

11, the escape thread stores "ake" corresponding to the "UID" of the input object INPUTKV in the row key area of the foot object PUT_O, (INPUTKV) in the column qualifier area of the foot object PUT_O is stored as a key / value format in the input object (INPUTKV) of Fig. 9 in the column area of the foot object PUT_O, And sequentially store the first to third token personal information and the corresponding column qualifier names stored in the memory.

Referring again to FIG. 10, the escape thread generates a foot object PUT_O corresponding to each of the input objects included in the fifth array provided from the pipe unit 120, The first to n-th token personal information stored in the foot objects PUT_O may be stored in the personal information table created in the HBASE 300 using the Put function.

1 to 11, the personal information transfer system 10 according to the embodiments of the present invention includes the above-described encryption information stored in the original SAM file 102 based on the encryption information stored in the configuration file 101, (TI) corresponding to the personal information EI to be encrypted by using the token server 200 by determining a part of the personal information of the plurality of users as the personal information EI to be encrypted (EI) is replaced with tokens (TKS) in the personal information and stored in the token SAM file 103 as token personal information of each of the plurality of users. At this time, the tokens (TKS) mapped on the one-to-one basis with each of the encryption target personal information EI have the same length as each encryption target personal information EI and can have a text format. Thus, the token SAM file 103 may be a text file corresponding to the encrypted file for the original SAM file 102, but having the same size as the original SAM file 102. Therefore, the personal information transfer system 10 according to the embodiments of the present invention can store the personal information stored in the token SAM file 103 in the same type and the same size table as the table that can store the personal information stored in the original- You can store token private information.

In addition, the personal information transfer system 10 according to the embodiments of the present invention encrypts the personal information of the plurality of users stored in the original SAM file 102 and then transmits the personal information to the HBASE 300, . Accordingly, even when the number of users increases and the amount of personal information of the plurality of users becomes large, the service providing service can be provided at a high speed, and the risk of data loss due to a defect in the physical device storing personal information can be effectively Can be reduced.

The personal information transfer system according to the embodiments of the present invention can be useful for encrypting a large amount of accumulated personal information and safely transferring it to the NoSQL database.

Although the preferred embodiments of the present invention have been disclosed for illustrative purposes, those skilled in the art will appreciate that various modifications, additions and substitutions are possible, without departing from the scope and spirit of the invention as disclosed in the accompanying claims. It will be understood that the invention may be modified and varied without departing from the scope of the invention.

10: personal information transfer system 100: main server
110: encryption unit 120:
200: Token Server 300: NoSQL Database

Claims (7)

A personal information transfer system for encrypting personal information of a plurality of users stored in a SAM (Sequential Access Method) file and transferring the personal information to a NoSQL database,
A main server for reading the personal information from the original SAM file and selectively outputting personal information to be encrypted among the personal information based on the encryption information stored in the configuration file;
To-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be-encrypted to-be- Providing token server; And
Including the NoSQL database,
The main server replaces the encryption target personal information with the tokens in the read personal information to generate token personal information of each of the plurality of users, and stores the token personal information in the same format as the original SAM file And storing the token private information stored in the token SAM file in the NoSQL database on a row-by-row basis. The personal information transfer system according to claim 1, wherein the NoSQL database is HBASE operating on an HDFS (HADOOP Distributed File System). 3. The method of claim 2, wherein the original SAM file stores first through n-th personal information corresponding to each of the plurality of users on a row-by-row basis, To n < th > columns, respectively,
Wherein the encryption information stored in the configuration file includes an encryption column number corresponding to a number of a column to be encrypted among the first to nth columns. The information processing apparatus according to claim 3,
Reads the first to n-th personal information of each of the plurality of users stored in the original SAM file, and stores the personal information stored in the column corresponding to the encrypted column number among the first to n-th personal information, And tokens of the first to n-th pieces of personal information are replaced with the tokens received from the token server, thereby providing first to n-th pieces of personal information to the token server, n token private information, and storing the first to n-th token personal information as the token SAM file; And
The first to n-th token private information stored in the token SAM file is read in row units and stored in a put object, and a Put function And a transfer unit for storing the first to n-th token personal information corresponding to the foot object in the personal information table using the personal information transfer system. 5. The method according to claim 4, wherein the encrypting unit reads the first to n < th > personal information stored in the original SAM file in units of rows and sequentially stores the first to nth personal information in a first array, Each of the first to n-th personal information read from the original SAM file in a row unit, to a new first array, Sequential storage,
The encryption thread reads personal information stored in a column corresponding to the encrypted column number among the first to nth personal information stored in the first array and stores the personal information in the second array as the encryption target personal information, 2 to the token server, storing the tokens provided from the token server in a third array, and transmitting the to-be-encrypted personal information from the first to the n-th personal information to the token server, Th token personal information stored in the fourth array, replacing the tokens stored in the fourth array with the tokens stored in the fourth array, and generating a fourth array including the first to n-th token personal information of each of the plurality of users, To the token SAM file. 6. The method of claim 5, wherein, when a plurality of cryptographic threads are generated, each of the cryptographic threads updates the first to n-th token personal information stored in the fourth array Personal information transfer system that writes to token SAM file. 5. The method according to claim 4, wherein the transfer unit sets names of column qualifiers in which the first to n-th token personal information stored in the token SAM file are to be stored in the personal information table, Generates an input object of a HashMap type each time the first to n-th token personal information are read out in a row unit, associates the read first to n-th token personal information with names of corresponding column qualifiers And stores the input objects in the input object in a key / value format. Whenever the number of the input objects reaches a predetermined foot size, a transition thread is created to provide the input objects to the escape thread,
Wherein the escape thread generates the put objects corresponding to the input objects and stores the first to nth token personal information stored in the key / value format in each of the input objects into a corresponding put object And stores the first to n-th token personal information stored in the foot objects in the personal information table using a Put function provided by the HBASE.
KR1020150064464A 2015-05-08 2015-05-08 Personal information transfer system KR101728878B1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
KR1020150064464A KR101728878B1 (en) 2015-05-08 2015-05-08 Personal information transfer system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
KR1020150064464A KR101728878B1 (en) 2015-05-08 2015-05-08 Personal information transfer system

Publications (2)

Publication Number Publication Date
KR20160131622A true KR20160131622A (en) 2016-11-16
KR101728878B1 KR101728878B1 (en) 2017-05-02

Family

ID=57541221

Family Applications (1)

Application Number Title Priority Date Filing Date
KR1020150064464A KR101728878B1 (en) 2015-05-08 2015-05-08 Personal information transfer system

Country Status (1)

Country Link
KR (1) KR101728878B1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020086197A1 (en) * 2018-10-25 2020-04-30 Mastercard International Incorporated Asymmetric encryption scheme for secure data transmission
KR102270896B1 (en) * 2020-01-06 2021-06-30 주식회사 아미크 Method and system for archiving data based on data de-identification

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
AU2011354630C1 (en) * 2011-01-12 2016-03-24 Virtru Corporation Methods and systems for distributing cryptographic data to authenticated recipients
KR101330072B1 (en) * 2013-07-12 2013-11-18 (주)아울시스템즈 Method and system for restoring data in database
KR101428648B1 (en) * 2014-01-29 2014-08-13 (주)케이사인 Method of block token-based encryption and method of block token-based decryption
KR101428649B1 (en) * 2014-03-07 2014-08-13 (주)케이사인 Encryption system for mass private information based on map reduce and operating method for the same

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2020086197A1 (en) * 2018-10-25 2020-04-30 Mastercard International Incorporated Asymmetric encryption scheme for secure data transmission
KR102270896B1 (en) * 2020-01-06 2021-06-30 주식회사 아미크 Method and system for archiving data based on data de-identification
KR20210088419A (en) * 2020-01-06 2021-07-14 주식회사 아미크 Method and system for archiving data for minimizing cost of data transmission and inquiry

Also Published As

Publication number Publication date
KR101728878B1 (en) 2017-05-02

Similar Documents

Publication Publication Date Title
CN108932297B (en) Data query method, data sharing method, device and equipment
US9720943B2 (en) Columnar table data protection
US10541983B1 (en) Secure storage and searching of information maintained on search systems
US8516271B2 (en) Securing non-volatile memory regions
KR101371608B1 (en) Database Management System and Encrypting Method thereof
CN111539813A (en) Method, device, equipment and system for backtracking processing of business behaviors
US8874932B2 (en) Method for order invariant correlated encrypting of data and SQL queries for maintaining data privacy and securely resolving customer defects
CN102855448B (en) A kind of Field-level database encryption device
JP2005505069A5 (en)
US8769302B2 (en) Encrypting data and characterization data that describes valid contents of a column
US20180246677A1 (en) Data randomization for flash memory
US20170279786A1 (en) Systems and methods to protect sensitive information in data exchange and aggregation
CN106815528A (en) A kind of file management method and device, storage device
Wang et al. ReRAM-based processing-in-memory architecture for blockchain platforms
CN105279198A (en) Data table storage method, data table modification method, data table query method and data table statistical method
CN111726230A (en) Data storage method, data recovery method, device and equipment
JP2018160129A (en) Data generation program, data generation method, and data generation apparatus
JP6605746B2 (en) Secret coupling system, secret coupling apparatus, secret coupling method, program
KR101728878B1 (en) Personal information transfer system
KR101428649B1 (en) Encryption system for mass private information based on map reduce and operating method for the same
JP5480828B2 (en) Secret sort system, secret sort device, secret sort method, secret sort program
CN101908361B (en) Method for hiding private information of U disk
Vershinin et al. Associative steganography of text messages
CN111368316B (en) File encryption and decryption method and device
Sreelaja et al. An image edge based approach for image password encryption

Legal Events

Date Code Title Description
A201 Request for examination
E902 Notification of reason for refusal
E701 Decision to grant or registration of patent right