WO2013008351A1 - Data distributed storage system - Google Patents


Info

Publication number
WO2013008351A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
server
user
partial data
storage system
Application number
PCT/JP2011/079837
Other languages
French (fr)
Japanese (ja)
Inventor
敏文 新谷
壮一 最首
Original Assignee
株式会社野村総合研究所
Application filed by 株式会社野村総合研究所
Publication of WO2013008351A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L 63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F 21/31 User authentication
    • G06F 21/41 User authentication where a single sign-on provides access to a plurality of computers
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Definitions

  • The present invention relates to electronic data storage technology, and more particularly to a technology effectively applied to a data distributed storage system that generates a plurality of non-important data from important data by secret sharing technology and distributes and stores them at a plurality of sites.
  • Encrypted data contains all the information of the important data. Therefore, for example, if encrypted data is acquired by a third party and the encryption key is also acquired for some reason, the important data is easily restored by decryption. Further, even if the encryption key is not obtained, since the key has a finite length there is theoretically a possibility that the important data may be restored from the encrypted data after a finite number of attempts.
  • Secret sharing technology is also used as a method for strongly concealing important data.
  • In secret sharing, the important data is divided into non-important data that is meaningless by itself (the important data can be neither restored nor estimated from it) and distributed, so that even if some of the non-important data is acquired by a third party, recovery of the important data by that third party can be made theoretically impossible.
  • In Patent Document 1, an electronic information file is divided into a plurality of information elements, and the divided information elements are selected and combined in a different order to form two or more information blocks, such that no information block includes all the information elements unless all the information blocks are integrated; division information according to the method of dividing into information elements and formation information according to the method of generating the information blocks are also produced.
  • Patent Document 2: JP 2009-139990 A
  • In Patent Document 2, data stored in a storage device is divided by a secret sharing method in which a reference number of partial data is required at the time of restoration; a transmitter transmits the partial data to other information processing apparatuses and deletes it from the storage device, and the data is later restored to the storage device. The information processing apparatus includes an acquisition unit that acquires partial data from the other information processing apparatuses and stores it in the storage device, and a restoration unit that restores the data on the condition that the reference number of partial data is stored in the storage device.
  • Each server or system communicates with other servers using a protocol such as Security Assertion Markup Language (SAML), and authentication is performed by a specific server such as an authentication server.
  • In the prior art, the partial data is mainly stored in a distributed manner on geographically separated servers or other client terminals, the purpose being to reduce the risk of information leakage when the client terminal is stolen by a third party or intruded into via a network; no consideration is given to unauthorized access by malicious insiders (for example, the owners of the other client terminals).
  • Accordingly, an object of the present invention is to provide a data distributed storage system that distributes and stores, in a plurality of data centers, a plurality of partial data generated from important data by secret sharing technology, and that secures security for preventing unauthorized acquisition of partial data between the data centers.
  • A data distributed storage system according to the present invention generates, at a client terminal, partial data that are a plurality of non-important data from important data by secret sharing technology, and stores each of the partial data in a distributed manner on a plurality of servers connected via a network; it has the following features.
  • Each of the servers has a data storage unit that stores the partial data received from the client terminal. The client terminal has: a division processing unit that generates, from the important data the user instructs to be stored, n partial data by the secret sharing technology such that the important data cannot be restored unless k or more of them (k ≤ n) are collected; a distributed management unit that stores the n partial data generated by the division processing unit on n mutually different servers, and that collects from m servers the m partial data (k ≤ m ≤ n) needed to restore the important data the user instructs to be used; and a restoring unit that restores the important data by the secret sharing technique from the m partial data acquired by the distributed management unit.
  • Thereby, a plurality of partial data generated from the important data by the secret sharing technique are distributed and stored in a plurality of data centers, and security preventing unauthorized acquisition of the partial data between the respective data centers can be secured.
  • The data distributed storage system of one embodiment of the present invention, when the user stores the user's important data on the client terminal, generates a plurality of partial data from the important data by the secret sharing technique and sends them to servers in a plurality of data centers for distributed storage.
  • Access to each data center is made independent, so that security between data centers is ensured. As a result, even an insider such as the manager of one data center can obtain only one partial data, from which the important data can be neither restored nor inferred, and the data can be stored safely.
  • FIG. 2 is a diagram for explaining the concept of storage of data in the data distribution storage system of the present embodiment.
  • The data distributed storage system 1 has a configuration in which a client terminal 300 and a plurality of data centers 10 (four, 10a to 10d, in the example of FIG. 2) are connected to a network 400 such as the Internet.
  • The client terminal 300 is an information processing terminal that a user normally uses for business and the like and on which processing such as input and reference of the important data 500 is performed; for example, a PC, a tablet terminal, or a portable terminal such as a smartphone or mobile phone.
  • The data center 10 is a site that houses server devices and performs operation management. It may be, for example, a dedicated data center facility capable of housing a large number of server devices and performing advanced operation management, a portable data center of the so-called container or modular type, a non-dedicated facility such as a machine room in an office building, or a virtual data center in a cloud computing environment.
  • Each data center 10 in the present embodiment is provided with one or more servers 100 (100a to 100d in the example of FIG. 2), each having a data storage unit 110 (110a to 110d in the example of FIG. 2), which is a storage device or the like for holding and storing data.
  • It is desirable that these data centers 10 be unrelated to each other geographically and organizationally. That is, it is desirable that the data centers 10 not be configured so that administrators or the like of one can physically or electronically access another, for example by being on the same or adjacent sites or by being operated by the same or related business operators.
  • The client terminal 300 generates a plurality of partial data 510 (four, 510a to 510d, in the example of FIG. 2) from the important data 500 using secret sharing technology. Each partial data 510 is non-important data that is meaningless by itself, as described above. The important data 500 is then deleted to prevent leakage.
  • The secret sharing technique (secret sharing algorithm) to be used is not particularly limited. For example, a so-called (k, n) threshold type secret sharing technique (1 < k ≤ n) can be used, in which the important data 500 can be restored if k or more of the n partial data 510 are collected, but in principle cannot be restored from fewer than k.
  • The values of k and n are not particularly limited and can be determined according to requirements such as security strength and processing speed. Note that n (the number of partial data 510 to be generated) must be equal to or less than the number of data centers 10; in other words, n or more data centers 10 are prepared for n partial data 510.
  • The generated partial data 510 are transmitted to the data centers 10 so that they do not overlap, and are stored in a distributed manner in the data storage units 110. That is, partial data 510 generated from the same important data 500 are stored separately in different data centers 10, and no two or more of them are stored in the same data center 10. After transmission, the partial data 510 on the client terminal 300 are deleted to prevent leakage.
  • Generating the partial data 510 from the important data 500 by the secret sharing technology and distributing and storing them in the data centers 10 prevents leakage of the important data 500 due to theft or loss of the client terminal 300.
  • Since each data center 10 holds only one partial data 510 for a given important data 500, even if a third party intrudes into a data center 10 and illegally acquires the partial data 510, or an insider such as the manager of the data center 10 acquires it, only one partial data 510 can be obtained. Since the important data 500 can be neither restored nor estimated from a single partial data 510, its contents are not leaked.
  • Since the data centers 10 are unrelated geographically and organizationally, it is difficult for an insider of one data center 10, such as its manager, to access another data center 10, and this is reinforced by the authentication process described later. Therefore, even if such an insider is malicious, the situation in which partial data 510 is illegally acquired from other data centers 10 and k or more are collected to restore the important data 500 can be prevented.
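The patent leaves the secret sharing algorithm open and only requires the (k, n) threshold property. The following is an added example, not code from the patent or its assignee, of one algorithm with that property: Shamir's scheme over a prime field. The secret, the field prime, and the share layout (x, y) are this example's own choices.

```python
"""(k, n) threshold secret sharing (Shamir's scheme over a prime field).

Added example: generates n partial data from a byte string so that any k of
them restore it, while fewer than k give no information about it.
"""
import secrets

# Mersenne prime 2**521 - 1 (assumed field); secrets up to 65 bytes fit below it.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs, x):
    """Evaluate the polynomial with coefficients coeffs[0..k-1] at x (Horner, mod PRIME)."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret: bytes, k: int, n: int):
    """Generate n partial data (x, y); any k of them restore the secret.

    The constant term is the secret and the other k-1 coefficients are
    uniformly random, so any k-1 shares are consistent with every possible
    secret and reveal nothing.
    """
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field")
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def restore_secret(shares, k: int, length: int) -> bytes:
    """Lagrange-interpolate the polynomial at x = 0 from k distinct shares.

    `length` is the original byte length, so leading zero bytes survive.
    """
    if len(shares) < k:
        raise ValueError("fewer than k partial data: secret cannot be restored")
    points = shares[:k]
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total.to_bytes(length, "big")


if __name__ == "__main__":
    important = b"constructed important data 500"   # constructed sample
    partial = split_secret(important, k=3, n=4)     # one share per data center
    # Any three of the four partial data are enough; two are not.
    print(restore_secret(partial[1:], 3, len(important)) == important)
```

Each share would be sent to a different data center; the `x` index has to be kept with the share (or recorded in the distribution status) because interpolation needs it.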
  • FIG. 1 is a diagram showing an outline of a configuration example of a data distributed storage system 1 according to an embodiment of the present invention.
  • The data distributed storage system 1 has a configuration in which a plurality of servers 100, a master server 200, and a client terminal 300 are connected to a network 400.
  • Each server 100 is operated and managed in a data center 10 unrelated to the others geographically and organizationally, as shown in FIG. 2 described above.
  • The server 100 is a computer system configured by a server device; as a file server or storage server, it accepts user access from the client terminal 300 or the like after user authentication and provides a storage service for data (the partial data 510).
  • The server 100 includes, for example, a data storage unit 110 made of a storage device such as a magnetic disk and an authentication processing unit 120 implemented by a software program.
  • The data storage unit 110 reads and writes specified data based on instructions from an OS (Operating System) or the like.
  • The authentication processing unit 120 performs authentication processing for access to the server 100.
  • The authentication processing unit 120 holds user information 130, consisting of account information for each user, as the information used in authentication processing.
  • The user information 130 is, for example, a database or file table holding account information such as a user seed 131, which is unique information different for each user, and a hashed password 132, obtained by hashing the password according to a predetermined procedure.
  • The authentication processing unit 120 also holds a server seed 140 as unique information that differs for each server.
  • The authentication processing unit 120 performs authentication with the client terminal 300 by a challenge/response method. That is, in response to an authentication request from a user, it transmits the server seed 140, the user seed 131, and a random number as the challenge. It then receives from the client terminal 300, as the response, a hash value obtained by hashing the password with these values, and authenticates by comparing the received hash value with the value obtained by hashing the hashed password 132 with the same random number. The authentication processing unit 120 therefore implements random number generation and a hash algorithm; various known techniques and algorithms can be used for these. Where the security of the communication path between the server 100 and the client terminal 300 is ensured, a method other than challenge/response may be adopted.
  • The master server 200 is a computer system configured by a server device, a PC, or the like, and generates and provides the user seeds 131 and server seeds 140 held by each server 100. It is not a so-called authentication server that performs authentication on behalf of the servers 100, and has no user authentication function.
  • The master server 200 includes, for example, a seed generation unit 210 implemented by a software program.
  • The seed generation unit 210 generates a seed based on an instruction from an administrator or the like, or a request from a server 100, and provides it via the network 400 to the target server 100 as a user seed 131 or server seed 140.
  • The master server 200 may be installed in a data center 10 independent of the other servers 100, or in the same data center 10 as one of the servers 100 in a configuration accessible from outside.
  • The client terminal 300 generates a plurality of partial data 510 from the important data 500 using the secret sharing technology, transmits them to the servers 100 (data centers 10) so that they do not overlap, and stores them in a distributed manner in the data storage units 110.
  • The client terminal 300 has, for example, a division processing unit 310, a distribution management unit 320, a restoration processing unit 330, an authentication request unit 340, and an interface unit 350, each implemented by a software program, and tables such as a distribution status 321 and setting information 301, implemented as a database or file table.
  • The division processing unit 310 generates, by secret sharing, the plurality of partial data 510 to be stored in a distributed manner on the servers 100 from the important data 500 that the user instructs, via the interface unit 350 described later, to be stored securely. As described above, the secret sharing method is not particularly limited, and a known (k, n) threshold type secret sharing method can be used. The setting information 301 can hold in advance, for example, information specifying the secret sharing algorithm to be used and parameters such as k and n.
  • When the important data 500 is stored in a distributed manner, the distribution management unit 320 transmits the partial data 510 generated by the division processing unit 310 to the servers 100 according to predetermined conditions based on the setting information 301. At the same time, it records and manages in the distribution status 321 the correspondence between each partial data 510 and the server 100 on which it is stored.
  • When there are more than n servers 100, various methods can be considered for selecting n of them and determining on which server 100 each partial data 510 should be stored.
  • FIG. 3 is a diagram showing an example of selection of the server 100 for storing the partial data 510.
  • Four partial data 510 (“A”, “B”, “C”, “D”) are generated by (3, 4) threshold type secret sharing from each of three items of important data 500, and for each item four servers 100 are selected as storage destinations from six servers 100 (“server #1” to “server #6”) and the partial data are assigned to them.
  • For example, the servers 100 (“server #1” to “server #6”) are placed in an ordered list according to a priority based on random selection, specifications, or the like, and n servers 100 are selected in list order. The n servers 100 may be selected from the top of the list (for example, from “server #1”) every time, or, as in the example of FIG. 3, the starting position may be rotated for each important data 500.
  • In this way the plurality of important data 500 are stored with their partial data 510 assigned to different sets of servers, so that if partial data 510 cannot be acquired from some servers 100, the important data 500 that cannot be restored can be limited to a part (in the example of FIG. 3, only one of the three items), preventing a situation in which none of the important data 500 can be restored.
  • The n partial data 510 may be assigned sequentially to the list of n selected servers 100, or each partial data 510 may be assigned randomly.
  • The setting information 301 can hold in advance, for example, access information (IP address, host name, etc.) for each server 100 serving as a distributed storage destination, and the criteria and conditions for selecting n servers 100 when there are more than n (for example, the priority order of the servers 100, an ordered list, a rotation method, etc.).
  • When the restoration processing unit 330, described later, restores the important data 500, the distribution management unit 320, in response to a request from the restoration processing unit 330, collects from the servers 100 the m partial data 510 needed to recover the important data 500, based on the contents of the distribution status 321 and the setting information 301, and delivers them to the restoration processing unit 330.
  • Criteria or conditions for selecting the m target servers 100 when m < n, and a method for determining a substitute server 100 when the partial data 510 cannot be acquired from a target server 100, can be set in advance.
  • If the n partial data 510 cannot all be stored on the servers 100 during distributed storage because of a failure of a server 100 or the like, or if k or more partial data 510 cannot be collected at collection time, an error may be returned to the user.
  • The client terminal 300 and each server 100 may apply predetermined encryption to the partial data 510 before transmitting and receiving it, further reducing the risk of leakage.
  • The restoration processing unit 330 requests from the distributed management unit 320 at least the number of partial data 510 necessary to restore the important data 500 that the user, via the interface unit 350, instructs to be used for reference, editing, or the like, and restores the important data 500 from the acquired partial data 510 by the secret sharing method.
  • The authentication request unit 340 requests authentication from each server 100 when the distributed management unit 320 distributes the partial data 510 to the servers 100 and when it collects them. For example, it receives a user ID and password from the user via a login screen and, as described later, performs authentication processing individually with the authentication processing unit 120 of each server 100, sequentially or in parallel, by a challenge/response method or the like, thereby realizing single sign-on.
  • The authentication request unit 340 implements the same hash algorithm as the authentication processing unit 120 of the server 100.
  • The interface unit 350 provides the user interface of the client terminal 300, such as screen display, and input/output functions such as transmission and reception of data.
  • The user can use the functions of the data distributed storage system 1 through, for example, the file management screen of a general OS. When important data is moved to a specific folder on the file management screen by a simple operation such as drag and drop, the division processing unit 310 and the distribution management unit 320 automatically generate n partial data 510 from the important data 500 by (k, n) threshold type secret sharing and store them on the servers 100 without the user being aware of it.
  • The important data 500 is then deleted from the client terminal 300, but a dummy file corresponding to it is left on the file management screen so that the user need not be conscious of the deletion.
  • When the user references or edits the important data 500 by operating its dummy file in the specific folder on the file management screen, the distribution management unit 320 and the restoration processing unit 330, triggered by that operation, automatically collect the m partial data 510 (k ≤ m ≤ n) corresponding to the dummy file from the servers 100, recover the important data 500, and make it available to the user.
  • Since the data centers 10 are unrelated geographically and organizationally, instead of an authentication method in which the authentication result of a representative authentication server is carried over, authentication is performed separately for each data center 10 using unique information (keys) that differs between them. This gives a mechanism by which each data center 10 can be accessed independently and safely, and secures security between the data centers 10.
  • Each server 100 holds in advance, as its server seed 140, a seed generated by the seed generation unit 210 of the master server 200. It is also assumed that each user has performed initial registration of account information, including a user ID and password, in advance. At that time, a seed generated by the seed generation unit 210 of the master server 200 is held as the user seed 131 for the user ID, and the password is held as a hashed password 132 obtained by hashing it with a predetermined hash algorithm using the user seed 131 and the server seed 140 as seed values.
  • Since the user seed 131 differs for each user, the hashed value can differ for each user.
  • FIG. 4 is a diagram showing an outline of an example of the flow of the authentication process in the present embodiment.
  • The user makes an authentication (login) request via the authentication request unit 340 of the client terminal 300, specifying a user ID and password via a login screen or the like.
  • The authentication request unit 340 transmits an authentication request including the specified user ID to the server 100 (S01).
  • The authentication processing unit 120 of the server 100 that received the user ID generates a random number as the challenge of the challenge/response method, acquires the server seed 140 and the user seed 131 corresponding to the user ID from the user information 130, and transmits these to the client terminal 300 (S02).
  • The series of hashing procedures in steps S03 to S05 is only an example, and other procedures giving equivalent results may naturally be used; however, the same procedure must be followed as when the password was hashed to obtain the hashed password 132 at user registration. In addition, if, for example, an instruction to update the password is received from the server 100 in step S02 because the password expiration date has passed, the password (and, if necessary, the hashed password 132) may be updated before step S03 is executed.
  • The authentication processing unit 120 of the server 100 that received the hash value acquires the hashed password 132 corresponding to the target user ID from the user information 130 (S07) and hashes it using the random number generated in step S02 as a seed value (S08). It then performs authentication by comparing the obtained hash value with the hash value received from the client terminal 300, and transmits the authentication result to the client terminal 300 (S09): if the two match, authentication is established; if they do not match, it is not.
  • Information on the location of the sender, such as its IP address, may be obtained from the request message from the client terminal 300, and additional conditions, such as whether that information falls within a predetermined range, may be added to the determination of success or failure of authentication.
  • After receiving the authentication result (S10), the authentication request unit 340 of the client terminal 300 automatically performs the same series of processing on the other servers 100 as needed, authenticating to each. Since authentication at each server 100 is independent, the series of processing can also be performed simultaneously in parallel for all the required servers 100.
  • The required servers 100 may be set in advance, for example in the setting information 301 of the client terminal 300, or may be the servers 100 selected by the distributed management unit 320 at the time of distributed storage or collection of the partial data 510.
  • Thus the user can authenticate to each required server 100 by specifying the user ID and password only once.
  • Even if an administrator or the like of one server 100 or data center 10 acquires the account information of a target user, such as the user seed 131 and hashed password 132, from that server's user information 130, that information cannot be used to authenticate by impersonation on another server 100 (data center 10), so security between the servers 100 is secured.
  • This is because the hashed password 132 of a user on one server 100 is hashed with that server's own server seed 140, whereas the hashed password 132 of the same user on another server 100 is hashed with the other server's server seed 140, so the two values differ. Consequently, even if both are hashed using the same random number as a seed value, the resulting hash values will not match, and authentication in step S09 of FIG. 4 will not be established. Further, even if the server seed 140 of the other server 100 is obtained by some means, a hash value equal to the hashed password 132 on that server cannot be generated without knowing the target user's password.
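The per-server challenge/response exchange above (S01, S02, S07 to S10) and the isolation property argued in the last two items (a hashed password 132 taken from one server does not authenticate on another) are shown in the following added example. It is not the patent's code. The patent fixes only the structure (user seed, server seed, random challenge, stored hashed password) and leaves the hash procedure open; the HMAC-SHA-256 chaining used here, and every seed, user ID and password, are this example's own assumptions.

```python
"""Per-server challenge/response authentication with user and server seeds.

Added example, not the patent's code: one Server object per data center,
each with its own server seed 140, and a client that answers each server's
challenge independently (single sign-on by repetition, not by token).
"""
import hashlib
import hmac
import secrets


def hashed_password(password: str, user_seed: bytes, server_seed: bytes) -> bytes:
    """Value a server stores as hashed password 132 (assumed procedure:
    key the password with the user seed, then key the result with the server seed)."""
    h1 = hmac.new(user_seed, password.encode("utf-8"), hashlib.sha256).digest()
    return hmac.new(server_seed, h1, hashlib.sha256).digest()


def response_value(hp: bytes, challenge: bytes) -> bytes:
    """Hash a hashed password with the random challenge as seed value (S05 / S08)."""
    return hmac.new(challenge, hp, hashlib.sha256).digest()


class Server:
    """Authentication processing unit 120 of one server 100."""

    def __init__(self, name: str, server_seed: bytes):
        self.name = name
        self.server_seed = server_seed
        self.user_info = {}      # user_id -> (user seed 131, hashed password 132)
        self._pending = {}       # user_id -> outstanding challenge

    def register(self, user_id: str, password: str, user_seed: bytes):
        """Initial registration: seeds come from the master server in the patent."""
        self.user_info[user_id] = (user_seed,
                                   hashed_password(password, user_seed, self.server_seed))

    def challenge(self, user_id: str):
        """S02: fresh random challenge plus the seeds the client needs."""
        user_seed, _ = self.user_info[user_id]
        c = secrets.token_bytes(32)
        self._pending[user_id] = c
        return self.server_seed, user_seed, c

    def verify(self, user_id: str, response: bytes) -> bool:
        """S07-S09: recompute from the stored record; each challenge is single-use."""
        c = self._pending.pop(user_id, None)
        if c is None:
            return False
        _, hp = self.user_info[user_id]
        return hmac.compare_digest(response_value(hp, c), response)


def client_login(server: Server, user_id: str, password: str) -> bool:
    """Authentication request unit 340 logging in to one server (S01-S10)."""
    server_seed, user_seed, c = server.challenge(user_id)
    hp = hashed_password(password, user_seed, server_seed)
    return server.verify(user_id, response_value(hp, c))


def single_sign_on(servers, user_id: str, password: str) -> dict:
    """Run the same independent procedure against every required server."""
    return {s.name: client_login(s, user_id, password) for s in servers}


def record_reusable_on_other_server(source: Server, target: Server, user_id: str) -> bool:
    """Property check from the text: does the hashed password 132 held by `source`
    answer a challenge from `target`? With distinct server seeds it must not."""
    _, stolen_hp = source.user_info[user_id]
    _, _, c = target.challenge(user_id)
    return target.verify(user_id, response_value(stolen_hp, c))


if __name__ == "__main__":
    s1 = Server("server#1", b"constructed-server-seed-1")   # constructed seeds
    s2 = Server("server#2", b"constructed-server-seed-2")
    seed = b"constructed-user-seed"
    for s in (s1, s2):
        s.register("user1", "correct horse battery", seed)
    print(single_sign_on([s1, s2], "user1", "correct horse battery"))
    print(record_reusable_on_other_server(s1, s2, "user1"))   # False
```

Note what the check does and does not cover: the stored record of server #1 is useless against server #2, which is the cross-site property the patent claims, but it is sufficient to answer server #1's own challenge, so the design protects between data centers and not against a site's own administrator, which is consistent with the text's position that such an insider obtains only that site's single partial data.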
  • As described above, in the data distributed storage system 1 of the present embodiment the partial data 510 are generated from the important data 500 by the secret sharing technology and stored separately in the data centers 10, so leakage of the important data 500 due to theft or loss of the client terminal 300 can be prevented.
  • Further, since authentication is performed using unique information (the server seed 140) that differs for each server 100, it is difficult for a person such as an administrator of one data center 10 to access another data center 10 with malicious intent, so security preventing unauthorized acquisition of partial data 510 between the data centers 10 can be secured.
  • Further, single sign-on to a plurality of servers 100 can be realized by a single authentication operation by the user from the client terminal 300, and authentication at the servers 100 can be performed simultaneously in parallel. Therefore, in the distributed storage of the partial data 510 generated from the important data 500 and in the collection of at least the number of partial data 510 needed to restore it, the time required for authentication is reduced and degradation of response is suppressed.
  • Needless to say, the present invention is not limited to the above embodiment and can be variously modified within a range that does not deviate from its gist.
  • The present invention is applicable to a data distributed storage system that generates a plurality of non-important data from important data by secret sharing technology and distributes and stores them at a plurality of sites.
  • 1: data distributed storage system; 10, 10a to 10d: data center; 100, 100a to 100d: server; 110, 110a to 110d: data storage unit; 120: authentication processing unit; 130: user information; 131: user seed; 132: hashed password; 140: server seed; 200: master server; 210: seed generation unit; 300: client terminal; 301: setting information; 310: division processing unit; 320: distribution management unit; 321: distribution status; 330: restoration processing unit; 340: authentication request unit; 350: interface unit; 400: network; 500: important data; 510, 510a to 510d: partial data.

Abstract

[Problem] To provide a data distributed storage system that provides distributed storage, in a plurality of data centers, of a plurality of partial data segments generated from important data using secret distribution technology, and that ensures security for preventing illegal acquisition of the partial data segments between each data center. [Solution] Each server (100) has a data storage unit (110) that stores partial data segments received from a client terminal (300). The client terminal (300) has: a segmentation processing unit (310) that generates an n number of partial data segments from important data, using secret distribution technology whereby the important data cannot be restored unless at least a k number (k≦n) of partial data segments is gathered; a distribution management unit (320) that stores the n number of partial data segments in an n number of servers (100) and gathers an m number (k≦m≦n) of partial data segments for restoring the important data, from an m number of servers (100); and a restoration unit (330) that restores the important data from the m number of partial data segments, using the secret distribution technology.

Description

Data distributed storage system
 The present invention relates to technology for storing electronic data, and in particular to technology that is effective when applied to a data distributed storage system which generates a plurality of non-important data from important data by secret sharing technology and distributes and stores them at a plurality of sites.
 In a company or other organization that operates an information system, measures must be taken to protect important data, such as highly confidential data, in order to prevent information security incidents such as information leakage. Various means of achieving this have been proposed.
 As one means of protecting important data, a company could, for example, keep its important data in a data center to which multiple layers of security measures have been applied. However, independently building and operating a private data center that is accessible from outside imposes a heavy burden in terms of technology and cost, and is not easily achieved.
 Alternatively, a data center operated by a third party and offered externally as a service could be used. However, storing a company's own important data in a data center operated and managed by a third party carries a high security risk. Storing important data in a virtual data center or virtual server in a cloud computing environment, whose use has expanded in recent years, is riskier still, and this is one reason why building information systems that handle important data on cloud computing environments has been slow to spread.
 When important data is stored, measures are also taken to conceal the data or to prevent tampering. Commonly, important data is encrypted with an encryption key before storage, but in this case the encrypted data contains all of the information of the important data. Consequently, if, for example, the encrypted data is obtained by a third party and that third party for some reason also obtains or breaks the encryption key, the important data is easily recovered. Even if the encryption key is not obtained, because the key has a finite length there is, in theory, the possibility that the important data can be recovered from the encrypted data after a finite number of trials.
 In contrast, so-called secret sharing technology is also used as a method of concealing important data robustly. In secret sharing, the important data is split and distributed into non-important data that is meaningless on its own (the important data cannot be restored or inferred from it), so that even if some of the non-important data is obtained by a third party, restoration of the important data by that third party can be made theoretically impossible.
 Various secret sharing methods have been proposed. For example, Japanese Patent No. 4039810 (Patent Document 1) discloses a technique for securing electronic information in which an electronic information file is divided into a plurality of information elements; the divided information elements are selected, reordered and combined to generate two or more information blocks such that all of the information elements are contained only when all of the information blocks are integrated; division-extraction data is generated that records the division information for the method of dividing into information elements and the formation information for the method of generating the information blocks; and at least one of the information blocks and the division-extraction data is deposited with a certification authority while the others are separated and stored separately.
 Meanwhile, as a secret sharing method in which the important data can be restored by collecting a predetermined number or more of the non-important data items or information blocks corresponding to it (hereinafter sometimes referred to as "partial data") rather than all of them, the (k, n) threshold secret sharing scheme using polynomial interpolation described in, for example, Non-Patent Document 1 has conventionally been used. With this scheme, the important data can be restored by collecting at least k (k ≦ n) of the partial data distributed into n pieces. Various threshold secret sharing schemes that further improve on this scheme have also been proposed.
 In relation to this, for example, JP 2009-139990 A (Patent Document 2) discloses an information processing apparatus comprising: a division unit that divides data stored in a storage device, by a secret sharing method that requires a reference number of partial data for restoration, into a predetermined number of partial data equal to or greater than the reference number; a transmission unit that transmits the partial data to other information processing apparatuses and deletes it from the storage device; an acquisition unit that, when the data is to be restored to the storage device, acquires the partial data from the other information processing apparatuses and stores it in the storage device; and a restoration unit that restores the data on condition that the reference number of partial data has been stored in the storage device.
Patent Document 1: Japanese Patent No. 4039810
Patent Document 2: JP 2009-139990 A
 In recent years, as portable information processing terminals such as notebook PCs (Personal Computers) have come into wide use, the risk of information leakage accompanying theft or loss of the terminals themselves has increased. For example, a company that handles personal information may be required to notify and report to the supervisory authority when an employee loses such a terminal. Conventionally, however, the actual scope of the leak could in most cases not be determined, so at the time of loss it had to be reported that all of the data had been, or might have been, leaked.
 To address this, it is conceivable to reduce the risk of information leakage accompanying loss of a terminal by storing the data held in the terminal, including important data, on an external server or the like. In this case, rather than storing the important data on the external server as it is, the important data can, for example, be split and distributed into non-important partial data using the secret sharing technology described above, and the partial data stored in a distributed manner on external servers; this makes it possible to reduce the risk of information leakage even when the data is stored, for example, in a virtual data center or virtual server in a cloud computing environment.
 That is, the partial data distributed and stored in each data center is meaningless by itself, and the content of the important data cannot be restored or inferred from that partial data alone. Therefore, whether the partial data is obtained by a third party who intrudes illegally into the data center or server, or by an insider such as an administrator of a data center acting with malicious intent, the content of the important data cannot leak from the partial data obtained.
 Here, in a system configuration in which partial data is distributed and stored in a plurality of data centers, the user would normally have to perform user authentication individually for each data center, which makes the authentication procedure cumbersome and raises the concern that work efficiency will be reduced. To address this, so-called single sign-on technology is normally used, which allows a user who has authenticated once to access a plurality of data centers, servers and the like that require user authentication without performing a separate authentication procedure for each.
 One method of realizing a single sign-on environment is for each server or system to communicate with the others using a protocol such as SAML (Security Assertion Markup Language), so that the result of authentication performed by a specific server, such as an authentication server, is automatically handed over and the user need not authenticate again at each server.
 However, a single sign-on environment built in this way presupposes that a trust relationship exists between the servers and systems that permits authentication information to be handed over and accepted, as in, for example, an in-house system on an intranet. Therefore, when the data centers and servers are operated by different business operators, such a trust relationship may not be established for security reasons.
 Moreover, if the single sign-on method described above is used in such an environment, it is conceivable that a malicious insider at one data center could use the authentication information obtained from the authentication server for a user's authentication process to access another data center illegally and obtain the partial data stored there. Therefore, in a scheme such as the one described above, in which a plurality of partial data generated from important data by secret sharing technology is distributed and stored in a plurality of data centers, security to prevent unauthorized acquisition of partial data across data centers must also be considered.
 Here, in the technique described in Patent Document 1, for example, one of the secret-shared partial data items (information blocks) is deposited with a certification authority that is a so-called "trusted third party", so that the certification authority is necessarily involved whenever the important data is restored, and unauthorized access by a malicious insider can be countered. However, a "trusted third party" must be set up as part of the system configuration, which is likely to increase the burden in terms of cost and operational load.
 On the other hand, the technique described in Patent Document 2 mainly aims to reduce the risk of information leakage from theft of a client terminal by a third party or from intrusion over a network, by distributing and storing the partial data on servers or on other, geographically distant client terminals; it gives no consideration to unauthorized access by a malicious insider (for example, the owner of another client terminal).
 Accordingly, an object of the present invention is to provide a data distributed storage system that distributes and stores, in a plurality of data centers, a plurality of partial data generated from important data by secret sharing technology, and that can ensure security to prevent unauthorized acquisition of partial data across data centers.
 The above and other objects and novel features of the present invention will become apparent from the description in this specification and the accompanying drawings.
 Among the inventions disclosed in this application, representative ones are outlined briefly as follows.
 A data distributed storage system according to a representative embodiment of the present invention is one in which a client terminal generates, from important data, a plurality of partial data (non-important data) by secret sharing technology and distributes and stores each partial data item on a plurality of servers connected via a network, and it has the following features.
 That is, each of the servers has a data storage unit that stores the partial data received from the client terminal. The client terminal has: a division processing unit that generates, from the important data that the user has instructed to be stored, n partial data (k ≦ n) by the secret sharing technology, such that the important data cannot be restored unless k or more of them are collected; a distribution management unit that stores the n partial data generated by the division processing unit in the data storage units of respectively different servers, and collects from the servers m (k ≦ m ≦ n) partial data for restoring the important data; and a restoration processing unit that, for important data that the user has instructed to be used, restores the important data by the secret sharing technology from the m partial data obtained from the distribution management unit.
 The effects obtained by the representative inventions disclosed in this application are briefly described as follows.
 According to a representative embodiment of the present invention, a plurality of partial data generated from important data by secret sharing technology can be distributed and stored in a plurality of data centers while ensuring security to prevent unauthorized acquisition of partial data across data centers.
FIG. 1 is a diagram outlining a configuration example of a data distributed storage system according to an embodiment of the present invention.
FIG. 2 is a diagram explaining the concept of data storage in an embodiment of the present invention.
FIG. 3 is a diagram showing an example of the selection of servers on which partial data is stored in an embodiment of the present invention.
FIG. 4 is a diagram outlining an example of the flow of authentication processing in an embodiment of the present invention.
 Embodiments of the present invention will now be described in detail with reference to the drawings. In all of the drawings used to describe the embodiments, the same parts are in principle denoted by the same reference numerals, and repeated description of them is omitted.
<Overview>
 In the data distributed storage system according to an embodiment of the present invention, when a user stores the user's important data on a client terminal, a plurality of partial data is generated from the important data by secret sharing technology, and the partial data is sent to servers in a plurality of data centers for distributed storage. In addition, a single sign-on mechanism is implemented for the data centers, and authentication is performed using unique information (a key) that differs for each data center, so that each data center can be accessed independently and securely and security between the data centers is ensured. As a result, even an insider such as an administrator of one data center can obtain only a single partial data item, from which the important data cannot be restored or inferred, so the user can store important data safely.
 FIG. 2 is a diagram explaining the concept of data storage in the data distributed storage system of this embodiment. The data distributed storage system 1 has a configuration in which a client terminal 300 and a plurality of data centers 10 (four, 10a to 10d, in the example of FIG. 2) are connected to a network 400 such as the Internet. Here, the client terminal 300 is an information processing terminal that the user normally uses for business and the like, and on which the user enters and references important data 500; examples include a PC and portable terminals such as a tablet, a smartphone or a mobile phone.
 A data center 10 is a site that houses server equipment and performs its operation and management. It may be, for example, a dedicated data center facility capable of housing a large number of servers and performing advanced operational management, a portable data center of the so-called container or module type, or a non-dedicated facility such as a machine room in an office building. It may also be a virtual data center in a cloud computing environment. In this embodiment, each data center 10 has one or more servers 100 (100a to 100d in the example of FIG. 2), each having a data storage unit 110 (110a to 110d in the example of FIG. 2) consisting of storage devices or the like for holding and storing data.
 It is desirable that these data centers 10 be unrelated to one another both geographically and organizationally. That is, it is desirable that the data centers 10 not be configured such that an administrator of one can physically or electronically access another, as could happen, for example, if they were located on the same or adjacent premises or were operated by the same or affiliated business operators.
 When important data 500 existing on the client terminal 300 is to be stored securely in the environment described above on the basis of a user instruction, the client terminal 300 first generates a plurality of partial data 510 (four, 510a to 510d, in the example of FIG. 2) from the important data 500 using secret sharing technology. Each partial data item 510 is, as described above, non-important data that is meaningless on its own. The important data 500 is then deleted to prevent leakage.
 The secret sharing technology (secret sharing algorithm) used is not particularly limited; for example, a so-called (k, n) threshold (1 < k ≦ n) secret sharing scheme can be used, in which the important data 500 can be restored if k or more of the n partial data 510 are collected but, in principle, cannot be restored from fewer than k. The values of k and n are likewise not particularly limited and can be chosen as appropriate according to requirements such as security strength and processing speed. The value of n (the number of partial data 510 generated) is assumed to be no greater than the number of data centers 10; in other words, n or more data centers 10 are prepared for n partial data 510.
 The generated partial data 510 is distributed among the data centers 10 without duplication and sent to them, to be stored in a distributed manner in the data storage units 110. That is, the partial data 510 generated from the same important data 500 are each stored in a different data center 10, so that no two or more of them are stored in the same data center 10. Each partial data item 510 on the client terminal 300 is then deleted to prevent leakage.
 As described above, by generating partial data 510 from important data 500 using secret sharing technology and distributing and storing it across the data centers 10, leakage of the important data 500 through theft or loss of the client terminal 300 can be prevented. Furthermore, because each data center 10 holds only one partial data item 510 for a given important data 500, a third party who intrudes into a data center 10 and illegally obtains partial data 510, or an insider such as an administrator of a data center 10 who obtains partial data 510, can obtain only a single partial data item 510. Since the important data 500 cannot be restored or inferred from that partial data 510 alone, the content of the important data 500 is not leaked.
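The split, distribute, delete and restore procedure above is illustrated here with a minimal (k, n) threshold scheme of the polynomial-interpolation kind the description refers to (Shamir's construction over a prime field). This is an added example, not code from the patent or its assignee; the field prime, the share format (x, y) and the byte-length parameter are the example's own assumptions, and the sample "important data" is constructed. It shows that any k of the n shares restore the data, while the restoring routine refuses fewer than k, which is the property that makes a single data center's share useless on its own.

```python
import secrets
from typing import List, Tuple

# Prime modulus for the finite field (a Mersenne prime). Secrets up to 65 bytes fit;
# longer data would be chunked. Assumed parameter, not specified by the patent.
PRIME = (1 << 521) - 1


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate the polynomial (constant term first) at x by Horner's rule, mod PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result


def split_secret(secret: bytes, k: int, n: int) -> List[Tuple[int, int]]:
    """Generate n partial data items such that any k of them restore `secret` (1 < k <= n)."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    s = int.from_bytes(secret, "big")
    if s >= PRIME:
        raise ValueError("secret too large for the field; chunk it")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    # Share i is the point (i, f(i)); x = 0 is never handed out because f(0) is the secret.
    return [(x, _eval_poly(coeffs, x)) for x in range(1, n + 1)]


def restore_secret(shares: List[Tuple[int, int]], k: int, length: int) -> bytes:
    """Restore the secret from at least k distinct shares by Lagrange interpolation at x = 0."""
    pts = list({x: y for x, y in shares}.items())  # drop duplicate x coordinates
    if len(pts) < k:
        raise ValueError("fewer than k distinct partial data items: cannot restore")
    pts = pts[:k]
    total = 0
    for i, (xi, yi) in enumerate(pts):
        num, den = 1, 1
        for j, (xj, _) in enumerate(pts):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total.to_bytes(length, "big")


def demo() -> bool:
    important = b"account=1234-5678"   # constructed sample important data 500
    k, n = 3, 4                         # four data centers 10a to 10d; any three restore
    shares = split_secret(important, k, n)
    # One share per data center; the client deletes the original and its local copies.
    # Collecting m = 3 of the 4 shares (here 510a, 510c, 510d) restores the data.
    restored = restore_secret([shares[0], shares[2], shares[3]], k, len(important))
    try:
        restore_secret(shares[:k - 1], k, len(important))  # one data center short
        fewer_ok = True
    except ValueError:
        fewer_ok = False
    return restored == important and not fewer_ok
```

The share index x doubles as the data center assignment, so the distribution management unit only needs to record which x went to which server; a production deployment would use a vetted secret-sharing library and authenticate shares on the way back, which this example omits.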
 Furthermore, when the data centers 10 are unrelated to one another geographically and organizationally, it is difficult, particularly in combination with the authentication processing described later, for an insider such as an administrator of one data center 10 to access another data center 10. Therefore, even if an insider such as an administrator of a data center 10 has malicious intent, the situation in which partial data 510 is illegally obtained from other data centers 10 and k or more items are gathered to restore the important data 500 can be prevented.
<System configuration>
 The system configuration of the data distributed storage system 1 of this embodiment is described below. FIG. 1 is a diagram outlining a configuration example of the data distributed storage system 1 according to an embodiment of the present invention. The data distributed storage system 1 has a configuration in which a plurality of servers 100, a master server 200 and a client terminal 300 are connected to a network 400. As shown in FIG. 2 above, each server 100 is assumed to be operated and managed in a data center 10 that is unrelated to the others geographically and organizationally.
 A server 100 is a computer system made up of server equipment which, as a file server or storage server, accepts access from the client terminal 300 and the like after user authentication and provides a storage service for data (partial data 510). The server 100 has, for example, a data storage unit 110 consisting of storage devices such as magnetic disks, and an authentication processing unit 120 implemented by a software program. The data storage unit 110 reads and writes the specified data according to instructions from the OS (Operating System) or the like.
 The authentication processing unit 120 performs authentication processing for access to the server 100. As information used in the authentication processing, it holds user information 130 consisting of account information for each user. The user information 130 is constituted by, for example, a database or file table and holds, for each user ID of a registered user, account information such as a user seed 131, which is unique information that differs for each user, and a hashed password 132, which is the password hashed by a predetermined procedure. The authentication processing unit 120 also holds a server seed 140, which is unique information that differs for each server.
 In this embodiment, the authentication processing unit 120 performs authentication with the client terminal 300 by a challenge/response method, as described later. That is, in response to an authentication request from the user, it sends the server seed 140, the user seed 131 and a random number or the like as the challenge. It then receives from the client terminal 300, as the response, the password hashed using these values (a hash value), and performs authentication by comparing the received hash value with the hashed password 132 hashed with the same random number. The authentication processing unit 120 therefore implements a random number generation function and a hash algorithm; various publicly known techniques and algorithms can be used for these implementations. Where the security of the communication path between the server 100 and the client terminal 300 is otherwise ensured, a method other than challenge/response may be adopted.
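The challenge/response exchange just described, and the per-server property listed in the summary (a hashed password 132 from one server does not verify at another because the server seeds 140 differ), are modelled below as an added example. It is not the patent's or the assignee's code; the patent leaves the hashing procedure open, so the construction used here (PBKDF2 over the password with the user seed and server seed as salt, then an HMAC over the challenge) and the `Server`, `enroll`, `challenge` and `verify` names are the example's own assumptions, and the user, password and seeds are constructed. The `demo` function runs a legitimate login at two servers, then shows that an insider holding server A's hashed password and even server B's seed cannot produce a valid response at server B, and that a captured response cannot be replayed because each challenge is consumed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple


def hash_password(password: str, user_seed: bytes, server_seed: bytes) -> bytes:
    """Hashed password 132 as stored on one server (assumed construction, not the patent's)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), server_seed + user_seed, 10_000)


def client_response(password: str, server_seed: bytes, user_seed: bytes, nonce: bytes) -> bytes:
    """Client side: recompute the server-specific hashed form, then bind it to the challenge."""
    stored_form = hash_password(password, user_seed, server_seed)
    return hmac.new(stored_form, nonce, hashlib.sha256).digest()


class Server:
    """Minimal model of the authentication processing unit 120 of one server 100 (hypothetical)."""

    def __init__(self, name: str, server_seed: bytes) -> None:
        self.name = name
        self.server_seed = server_seed  # server seed 140, issued by the master server 200
        self.users: Dict[str, Tuple[bytes, bytes]] = {}  # user ID -> (user seed 131, hashed password 132)
        self.pending: Dict[str, bytes] = {}  # outstanding challenge per user

    def enroll(self, user_id: str, user_seed: bytes, password: str) -> None:
        self.users[user_id] = (user_seed, hash_password(password, user_seed, self.server_seed))

    def challenge(self, user_id: str) -> Tuple[bytes, bytes, bytes]:
        user_seed, _ = self.users[user_id]
        nonce = secrets.token_bytes(16)
        self.pending[user_id] = nonce
        return self.server_seed, user_seed, nonce

    def verify(self, user_id: str, response: bytes) -> bool:
        nonce = self.pending.pop(user_id, None)  # single use: an old response cannot be replayed
        if nonce is None:
            return False
        _, hashed_password = self.users[user_id]
        expected = hmac.new(hashed_password, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)


def demo() -> Dict[str, bool]:
    user_seed = secrets.token_bytes(16)  # one user seed 131 per user, the same at every server
    server_a = Server("dc-a", secrets.token_bytes(16))
    server_b = Server("dc-b", secrets.token_bytes(16))
    password = "correct horse"  # constructed sample credential
    for s in (server_a, server_b):
        s.enroll("alice", user_seed, password)

    results: Dict[str, bool] = {}
    # Legitimate single sign-on: one password, an independent challenge/response per server.
    for s in (server_a, server_b):
        ss, us, nonce = s.challenge("alice")
        results[f"login_{s.name}"] = s.verify("alice", client_response(password, ss, us, nonce))

    # Insider at dc-a holds alice's hashed password 132 for dc-a and has learned dc-b's seed,
    # but not the password: the response built from dc-a's stored form fails at dc-b.
    stolen_a = server_a.users["alice"][1]
    _, _, nonce_b = server_b.challenge("alice")
    forged = hmac.new(stolen_a, nonce_b, hashlib.sha256).digest()
    results["insider_forgery_at_b"] = server_b.verify("alice", forged)

    # Replaying a response that was valid once fails because its challenge was consumed.
    ss, us, nonce = server_a.challenge("alice")
    good = client_response(password, ss, us, nonce)
    server_a.verify("alice", good)
    results["replay_at_a"] = server_a.verify("alice", good)
    return results
```

Because the stored form is salted with the server seed, a database dump from one data center is not a credential for another, and because the response is keyed on a fresh challenge, an observer of the exchange learns nothing reusable; the transport should still be protected so the seeds and challenge are not tampered with in flight.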
The master server 200 is a computer system made up of server equipment, PCs or the like, and generates and supplies the user seeds 131 and server seeds 140 held by each server 100. It is not a so-called authentication server that authenticates on behalf of the servers 100, and it has no user-authentication function. The master server 200 has a seed generation unit 210, implemented for example as a software program, which generates seeds on instruction from an administrator or at the request of a server 100 and supplies them to the target server 100 over the network 400 as a user seed 131 or a server seed 140.
The method of generating seeds and their format are not particularly limited; for example, a unique character string or binary data of a predetermined length can be generated as a seed. The master server 200 may be installed in a data center 10 independent of the other servers 100, or in the same data center 10 as one of the servers 100 in a configuration that is reachable from outside.
The client terminal 300 has the function of generating a plurality of partial data 510 from the important data 500 by secret sharing, distributing them to the servers 100 (data centers 10) so that no two go to the same server, and storing them in the data storage units 110. The client terminal 300 has, for example, a division processing unit 310, a distribution management unit 320, a restoration processing unit 330, an authentication request unit 340 and an interface unit 350, each implemented as a software program, together with a distribution status 321 table and a setting information 301 table implemented as a database, file table or the like.
From important data 500 that the user, through the interface unit 350 described later, has instructed to be stored securely, the division processing unit 310 generates by secret sharing, according to the contents of the setting information 301, the plurality of partial data 510 to be stored across the servers 100. As noted above, the secret sharing method is not particularly limited and any known (k, n) threshold scheme can be used. The setting information 301 can hold in advance, for example, the identity of the secret sharing algorithm to use and parameters such as k and n.
When important data 500 is stored in a distributed manner, the distribution management unit 320 sends the partial data 510 generated by the division processing unit 310 to the servers 100 according to predetermined conditions based on the setting information 301, and records in the distribution status 321 which partial data 510 is held on which server 100.
When more than n servers 100 exist, various methods can be used to select n servers 100 and to decide on which server 100 each partial data 510 is stored.
FIG. 3 shows an example of selecting the servers 100 that store the partial data 510. In the example of FIG. 3, each piece of important data 500 ("important data α", "important data β", "important data γ", ...) is split by (3, 4) threshold secret sharing into four partial data 510 ("A", "B", "C", "D"), and four of the six servers 100 ("server #1" to "server #6") are selected and assigned as storage destinations.
For example, the servers 100 ("server #1" to "server #6") may be ordered randomly or by a priority based on specifications or the like; servers 100 that are not running at that moment because of a failure or the like are excluded (in FIG. 3, "server #6" when "important data γ" is stored), and n servers 100 are then selected in list order. The n servers 100 may be selected from the head of the list (for example "server #1") every time, or, as in FIG. 3, the starting point may be shifted for each piece of important data 500 stored so that the selected servers 100 rotate.
Rotating the selected servers 100 makes the placement of the partial data 510 differ from one piece of important data 500 to the next. If several servers 100 then become unable to return their partial data 510 because of a failure or the like (in FIG. 3, the two shaded servers "server #1" and "server #2"), the important data 500 that can no longer be restored is limited to a subset (in FIG. 3, only "important data α") instead of all of it.
Various methods are likewise possible for assigning the partial data 510 to the n selected servers 100. For example, the n partial data 510 may be assigned in order to the list of n servers 100, as in FIG. 3, or each partial data 510 may be assigned at random.
The setting information 301 can hold in advance, for example, access information for each server 100 used as a storage destination (IP address, host name and so on) and, when more than n servers 100 exist, the criteria and conditions for selecting n of them (for example the priorities or ordered list of the servers 100, and the rotation method).
When the restoration processing unit 330, described later, restores important data 500, the distribution management unit 320, at the request of the restoration processing unit 330, collects from the servers 100 the m partial data 510 needed to restore the important data 500, following the contents of the distribution status 321 and predetermined conditions based on the setting information 301, and hands them to the restoration processing unit 330.
The number m of partial data 510 collected must be at least k, the number needed to restore the important data 500; all n partial data 510 may also be collected (k ≤ m ≤ n). The setting information 301 can hold in advance, for example, the value of m, the criteria and conditions for choosing the m target servers 100 when m < n, and the method for choosing a substitute server 100 when partial data 510 cannot be obtained from a target server 100 because of a failure or the like.
If, because of a server 100 failure or the like, some of the n partial data 510 cannot be stored on the servers 100 during distributed storage, or fewer than k partial data 510 can be collected during collection, an error may be returned to the user. In addition, when partial data 510 is exchanged with the servers 100, the client terminal 300 and each server 100 may apply predetermined encryption to the partial data 510 before transmission, further reducing the risk of information leakage.
For important data 500 that the user, through the interface unit 350, has instructed to be used (viewed, edited and so on), the restoration processing unit 330 requests and obtains from the distribution management unit 320 at least the number of partial data 510 needed for restoration, and restores the important data 500 from them by the secret sharing method.
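The placement described for FIG. 3 above and the collection and restoration described in the paragraphs that follow it, as an added worked example (Python written for this page, not code from the patent). It uses Shamir's (k, n) threshold scheme over GF(257), one byte at a time, which is one of the known schemes the text allows and is an assumption here; it selects n of the servers in list order while skipping servers that are down and advancing the start point by one per item, which is my reading of the rotation in FIG. 3; and it restores from any k of the shares that are still reachable. Server names, item names and the secrets are constructed for the example.

```python
import secrets

PRIME = 257  # each byte of the secret is shared independently over GF(257)


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, modulo PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, k: int, n: int):
    """(k, n) Shamir threshold sharing. Returns n shares, each (x, [y for every byte])."""
    if not 1 <= k <= n < PRIME:
        raise ValueError("need 1 <= k <= n < 257")
    shares = [(x, []) for x in range(1, n + 1)]
    for byte in secret:
        # random polynomial of degree k-1 whose constant term is the secret byte
        coeffs = [byte] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
        for x, ys in shares:
            ys.append(_eval_poly(coeffs, x))
    return shares


def recover_secret(shares, k: int) -> bytes:
    """Restore the secret from any k distinct shares by Lagrange interpolation at x = 0."""
    if len(shares) < k:
        raise ValueError("fewer than k shares: cannot restore")
    pts = shares[:k]
    out = bytearray()
    for i in range(len(pts[0][1])):
        total = 0
        for j, (xj, yj) in enumerate(pts):
            num = den = 1
            for m, (xm, _) in enumerate(pts):
                if m != j:
                    num = num * (-xm) % PRIME
                    den = den * (xj - xm) % PRIME
            total = (total + yj[i] * num * pow(den, PRIME - 2, PRIME)) % PRIME
        out.append(total)
    return bytes(out)


def choose_servers(servers, down, n, start):
    """Pick n servers in list order, skipping servers that are down, beginning at an
    offset the caller advances per item (the rotation of FIG. 3, as read here)."""
    alive = [s for s in servers if s not in down]
    if len(alive) < n:
        raise RuntimeError("fewer than n servers available; report an error to the user")
    off = start % len(alive)
    rotated = alive[off:] + alive[:off]
    return rotated[:n]


def distribute(items, servers, k, n, down_at=None):
    """Split every (name, data) item and assign its shares to servers in list order.
    Returns the client's placement record (the 'distribution status 321' of the text):
    {name: {server: share}}. down_at maps an item name to the servers down at that moment."""
    placement = {}
    for idx, (name, data) in enumerate(items):
        targets = choose_servers(servers, (down_at or {}).get(name, set()), n, start=idx)
        placement[name] = dict(zip(targets, split_secret(data, k, n)))
    return placement


def collect_and_restore(placement, name, k, failed=()):
    """Collect the shares held by servers still reachable and restore; None if fewer than k."""
    shares = [sh for srv, sh in placement[name].items() if srv not in failed]
    if len(shares) < k:
        return None
    return recover_secret(shares, k)
```

With the FIG. 3 inputs (six servers, (3, 4) sharing, server #6 down while γ is stored), the placement comes out as α on #1 to #4, β on #2 to #5 and γ on #3, #4, #5 and #1; losing #1 and #2 then leaves α with two shares, below k, while β and γ still restore. A production implementation would use a constant-time field arithmetic library and, as the text suggests, encrypt the shares in transit.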
The authentication request unit 340 requests authentication from each server 100 when the distribution management unit 320 stores partial data 510 on the servers 100 and when it collects partial data 510 from them. For example, it accepts a user ID and password from the user through a login screen and, as described later, authenticates individually with the authentication processing unit 120 of each server 100, sequentially or in parallel, by a challenge/response method or the like, thereby providing single sign-on.
Here, as described later, the password entered by the user is hashed by a predetermined procedure based on the server seed 140, user seed 131 and random number sent by the authentication processing unit 120 of the server 100 in reply to the authentication request, and the result is sent to the authentication processing unit 120 of the server 100. The authentication request unit 340 therefore implements the same hash algorithm as the authentication processing unit 120 of the server 100.
The interface unit 350 provides the user interface of the client terminal 300, such as screen display, and input/output functions such as data transmission and reception. The user can use the functions of the data distributed storage system 1 through, for example, the file management screen of an ordinary OS.
For example, the user moves important data to a specific folder on the file management screen by a simple operation such as drag and drop. Triggered by this, the division processing unit 310 and distribution management unit 320 automatically generate n partial data 510 from the important data 500 by (k, n) threshold secret sharing and store them across the servers 100 without the user having to be aware of it. As described above, the important data 500 is deleted from the client terminal 300 at this point, but so that the user need not be aware of this, a dummy file or the like corresponding to the important data 500 is created and left on the file management screen.
Likewise, the user can view, edit or otherwise operate on important data 500 by operating on its dummy file in the specific folder on the file management screen. That is, triggered by the operation on the dummy file, the distribution management unit 320 and restoration processing unit 330 automatically collect m (k ≤ m ≤ n) partial data 510 from the servers 100 for the important data 500 corresponding to the dummy file, restore the important data 500 and make it available to the user.
<Authentication process>
The authentication process in the data distributed storage system 1 of this embodiment is described below. As described above, to spare the user separate authentication with each server 100 when partial data 510 is stored on a plurality of servers 100 and when it is collected from them, the data distributed storage system 1 of this embodiment provides a single sign-on mechanism.
In this embodiment the data centers 10 are unrelated both geographically and organizationally. Rather than an authentication method in which the result of authentication at a representative authentication server is passed between the servers 100 by a protocol such as SAML, each data center 10 therefore performs its own authentication using unique information (a key) that differs per data center 10, so that each data center 10 can be accessed independently and securely and security between the data centers 10 is maintained.
As the initial state for authentication, each server 100 is assumed to already hold, as its server seed 140, a seed generated by the seed generation unit 210 of the master server 200. Each user is also assumed to have registered account information including a user ID and password in advance. At registration, a seed generated by the seed generation unit 210 of the master server 200 for that user ID is stored as the user seed 131, and the password is stored as a hashed password 132, hashed by a predetermined hash algorithm with the user seed 131 and the server seed 140 as seed values.
Not holding the password itself prevents the password from leaking. Hashing with the per-user user seed 131 as a seed value also ensures that the hash values differ per user even if, for example, several users happen to choose the same password.
FIG. 4 outlines an example of the authentication flow in this embodiment. First, the user requests authentication (login) through the authentication request unit 340 of the client terminal 300, entering for example a user ID and password in a login screen. The authentication request unit 340 sends an authentication request containing the entered user ID to the server 100 (S01).
On receiving the user ID, the authentication processing unit 120 of the server 100 generates a random number as the challenge of the challenge/response method, retrieves the seeds, and sends them to the client terminal 300 (S02). Here, in addition to the random number, it retrieves the server seed 140 and the user seed 131 held in the user information 130 for that user ID.
On receiving the server seed 140, user seed 131 and random number, the authentication request unit 340 of the client terminal 300 hashes the password entered in step S01 with a predetermined hash algorithm (S03). It then hashes the result of S03 with the user seed 131 as seed value (S04), hashes the result of S04 with the server seed 140 as seed value (S05), and finally hashes the result of S05 with the random number as seed value, making it a one-time value, and sends this hash value to the server 100 (S06).
The sequence of hashing steps S03 to S05 is only an example, and other procedures giving an equivalent result are of course possible, but the procedure must be identical to the one used to produce the hashed password 132 at user registration. Also, if in step S02 the server 100 indicates that the password must be updated because it has expired, for example, the password (and hashed password 132) may be updated before step S03 is performed, as needed.
On receiving the hash value, the authentication processing unit 120 of the server 100 retrieves the hashed password 132 for the user ID from the user information 130 (S07) and hashes it with the random number generated in step S02 as seed value (S08). It then authenticates by comparing the resulting hash value with the hash value received from the client terminal 300 in step S06, and sends the result to the client terminal 300 (S09). Authentication succeeds if the two values match and fails otherwise. Other conditions may also be included in the decision, for example obtaining the origin of the request, such as the IP address, from the request message of the client terminal 300 and checking whether it lies within a predetermined range.
The authentication request unit 340 of the client terminal 300 receives the result (S10) and then automatically repeats the same sequence for the other servers 100 as needed. Because authentication at each server 100 is independent, the sequence can also be run concurrently against all the required servers 100. The required servers 100 may be set in advance in the setting information 301 of the client terminal 300, for example, or may be the servers 100 selected by the distribution management unit 320 when storing or collecting partial data 510.
Through this processing the user enters the user ID and password once and is authenticated with each required server 100.
With this method, even if the administrator of one server 100 or data center 10 obtains a target user's account information, such as the user seed 131 and hashed password 132, from its own user information 130, that information cannot be used to impersonate the user to another server 100 (data center 10), so security between the servers 100 is maintained.
This is because the user's hashed password 132 on one server 100 was hashed with that server's own server seed 140, while the same user's hashed password 132 on another server 100 was hashed with that other server's server seed 140, so the two values differ. Hashing both with the same random number as seed value therefore does not give the same hash value, and authentication fails in step S09 of FIG. 4. Moreover, even if the other server 100's server seed 140 were obtained by some means, a hash value equal to the hashed password 132 held on that other server 100 cannot be produced without knowing the target user's password.
As described above, the data distributed storage system 1 of one embodiment of the present invention generates partial data 510 from important data 500 by secret sharing and stores it across the data centers 10, thereby preventing leakage of the important data 500 through theft or loss of the client terminal 300. Since each data center 10 holds only one partial data 510 per piece of important data 500, a third party who breaks into a data center 10 and takes partial data 510, or an insider such as a data center 10 administrator who takes it, obtains only one partial data 510. Because the important data 500 cannot be restored or inferred from that single partial data 510, its content does not leak.
Furthermore, authenticating with unique information that differs per server 100 (the server seed 140) makes it difficult for an insider such as a data center 10 administrator to maliciously access another data center 10, providing security against unauthorized collection of partial data 510 across the data centers 10.
A single authentication by the user from the client terminal 300 achieves single sign-on to the plurality of servers 100, and authentication with the servers 100 can proceed concurrently. This reduces the time spent on authentication when storing the partial data 510 generated from important data 500 and when collecting the partial data 510 needed to restore it, avoiding a drop in responsiveness.
The invention made by the inventors has been described concretely above on the basis of an embodiment, but the invention is not limited to that embodiment and may of course be modified in various ways without departing from its gist.
INDUSTRIAL APPLICABILITY: The present invention is applicable to data distributed storage systems that generate a plurality of non-important data from important data by secret sharing and store them across a plurality of sites.
1 … data distributed storage system,
10, 10a to 10d … data center,
100, 100a to 100d … server, 110, 110a to 110d … data storage unit, 120 … authentication processing unit, 130 … user information, 131 … user seed, 132 … hashed password, 140 … server seed,
200 … master server, 210 … seed generation unit,
300 … client terminal, 301 … setting information, 310 … division processing unit, 320 … distribution management unit, 321 … distribution status, 330 … restoration processing unit, 340 … authentication request unit, 350 … interface unit,
400 … network,
500 … important data, 510a to 510d … partial data.





Claims (8)

1. A data distributed storage system in which a client terminal generates, from important data, a plurality of partial data that are non-important data by secret sharing, and stores the partial data across a plurality of servers connected over a network, wherein
    each of the servers has a data storage unit that stores the partial data received from the client terminal, and
    the client terminal has
    a division processing unit that generates, by the secret sharing from important data the user has instructed to be stored, n partial data (k ≤ n) such that the important data cannot be restored unless k or more of them are collected,
    a distribution management unit that stores the n partial data generated by the division processing unit in the data storage units of n of the servers, respectively, and collects from m of the servers the m partial data (k ≤ m ≤ n) needed to restore the important data, and
    a restoration processing unit that, for important data the user has instructed to be used, restores the important data by the secret sharing from the m partial data obtained from the distribution management unit.
2. The data distributed storage system according to claim 1, wherein, when selecting from n or more servers the n servers on which the n partial data are to be stored, the distribution management unit of the client terminal rotates the n selected servers sequentially for each piece of important data stored.
3. The data distributed storage system according to claim 1 or 2, wherein
    each of the servers further has an authentication processing unit that authenticates access to the server,
    the client terminal further has an authentication request unit that, when the distribution management unit stores the partial data on the servers and when it collects the partial data from the servers, receives a user ID and password from the user and sends authentication requests to the servers sequentially or in parallel,
    the authentication processing unit of the server holds a server seed that is unique information for each server, and user information holding, for each registered user's user ID, account information including a user seed that is unique information for each user and a hashed password obtained by hashing the user's password by a predetermined procedure using the server seed and the user seed, and, in response to the authentication request received from the client terminal, sends the server seed, the user seed of the target user and a generated random number to the client terminal,
    the authentication request unit of the client terminal hashes the password entered by the user by the predetermined procedure using the server seed and the user seed received from the server, further hashes the result using the random number, and sends the resulting hash value to the server, and
    the authentication processing unit of the server authenticates by comparing the hash value received from the client terminal with the value obtained by hashing the hashed password of the target user using the random number, and sends the authentication result to the client terminal.
  4.  The data distributed storage system according to any one of claims 1 to 3,
     further comprising a master server connected to the network which, on request from each of the servers, generates and provides to that server the seed value that serves as its seed.
  5.  The data distributed storage system according to any one of claims 1 to 4,
     wherein, when the distributed management unit of the client terminal has stored the n pieces of partial data in the n servers respectively, it records in a distribution status recording unit information on the correspondence of which server each piece of partial data is stored in.
  6.  The data distributed storage system according to any one of claims 1 to 5,
     wherein the client terminal has setting information in which at least one of the following is set in advance: the values of k, m and n for the secret sharing technique; access information for each server; the condition by which the distributed management unit selects the n servers in which the n pieces of partial data are to be stored; the condition by which the distributed management unit selects the m servers from which the m pieces of partial data are to be collected; and the method of determining a substitute server when the distributed management unit could not acquire the partial data from a server.
  7.  The data distributed storage system according to any one of claims 1 to 6,
     wherein the distributed management unit of the client terminal returns an error to the user if, when storing the n pieces of partial data in the n servers respectively, any one of the n pieces could not be stored in its server, or if, when collecting the m pieces of partial data from the m servers respectively, k or more pieces could not be collected.
  8.  The data distributed storage system according to any one of claims 1 to 7,
     wherein, when transmitting and receiving the partial data, the client terminal and each of the servers encrypt the partial data to be transmitted by a predetermined means.
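The storage and collection behaviour of claims 1, 2, 5, 6 and 7 in one runnable model, added here as an example; it is not code from the patent or its applicant. The claims name "a secret sharing technique" without fixing one, so Shamir's (k, n) threshold scheme over a prime field is assumed; the `Server` and `Client` classes, the rotation rule (start offset advances by one server per stored item) and the fallback rule (the next server in the distribution record stands in) are this example's interpretation of the claim language. Transport encryption (claim 8) is left to the transport layer and not modelled.

```python
import secrets

# Shamir secret sharing over GF(P); P is the Mersenne prime 2^521 - 1, so any
# secret of up to 64 bytes fits in a single field element (assumption of this example).
P = 2**521 - 1


def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(data, k, n):
    """Split data into n shares such that any k of them recover it."""
    assert len(data) <= 64 and 1 <= k <= n
    coeffs = [int.from_bytes(data, "big")] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def recover_secret(shares, length):
    """Lagrange interpolation at x = 0 over the collected {index: value} shares."""
    total = 0
    for xi, yi in shares.items():
        num, den = 1, 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total.to_bytes(length, "big")


class Server:
    """Hypothetical storage server; 'available' simulates reachability."""

    def __init__(self, name):
        self.name, self.available, self.store = name, True, {}

    def put(self, key, value):
        if not self.available:
            raise ConnectionError(self.name)
        self.store[key] = value

    def get(self, key):
        if not self.available:
            raise ConnectionError(self.name)
        return self.store[key]


class Client:
    """Client-side distributed management unit holding the k, m, n settings (claim 6)."""

    def __init__(self, servers, k, m, n):
        assert k <= m <= n <= len(servers)
        self.servers = {s.name: s for s in servers}
        self.order = [s.name for s in servers]
        self.k, self.m, self.n = k, m, n
        self.rotation = 0   # claim 2: starting offset advances for each stored item
        self.record = {}    # claim 5: data_id -> (length, {share index: server name})

    def store(self, data_id, data):
        shares = split_secret(data, self.k, self.n)
        chosen = [self.order[(self.rotation + i) % len(self.order)] for i in range(self.n)]
        self.rotation = (self.rotation + 1) % len(self.order)
        placed = {}
        for (idx, value), name in zip(shares.items(), chosen):
            try:
                self.servers[name].put(data_id, (idx, value))
            except ConnectionError:
                # claim 7: a share that cannot be stored is reported as an error
                raise RuntimeError(f"could not store share {idx} on {name}")
            placed[idx] = name
        self.record[data_id] = (len(data), placed)

    def retrieve(self, data_id):
        length, placed = self.record[data_id]
        collected = {}
        for idx, name in placed.items():
            if len(collected) == self.m:
                break
            try:
                i, value = self.servers[name].get(data_id)
                collected[i] = value
            except ConnectionError:
                continue  # claim 6: the next recorded server is the substitute
        if len(collected) < self.k:
            # claim 7: fewer than k shares -> error, never a silently wrong result
            raise RuntimeError(f"only {len(collected)} of {self.k} shares reachable")
        return recover_secret(collected, length)
```

With k = 2, m = 3, n = 4 over five servers, the first item lands on servers 0 to 3 and the second on servers 1 to 4; losing two of an item's four servers still leaves k shares, losing three does not, and the client raises instead of returning garbage. Any single server holds one share and therefore learns nothing about the data, which is the confidentiality property the (k, n) split is chosen for.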




PCT/JP2011/079837 2011-07-08 2011-12-22 Data distributed storage system WO2013008351A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2011151337A JP4860779B1 (en) 2011-07-08 2011-07-08 Distributed data storage system
JP2011-151337 2011-07-08

Publications (1)

Publication Number Publication Date
WO2013008351A1 true WO2013008351A1 (en) 2013-01-17

Family

ID=45604562

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/JP2011/079837 WO2013008351A1 (en) 2011-07-08 2011-12-22 Data distributed storage system

Country Status (2)

Country Link
JP (1) JP4860779B1 (en)
WO (1) WO2013008351A1 (en)

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5850974B2 (en) * 2014-04-21 2016-02-03 日本電信電話株式会社 File distribution system, file distribution method, and program
EP3276525B1 (en) 2015-03-23 2019-12-11 Fujifilm Corporation Image file distribution device, image file restoration device, method and program therefor, and recording medium in which program is stored
US11050745B2 (en) 2015-08-26 2021-06-29 Nec Corporation Information processing apparatus, authentication method, and recording medium for recording computer program
US10348490B2 (en) 2015-12-10 2019-07-09 Ns Solutions Corporation Information processing device, authorization system, information processing method, and recording medium
JP6799012B2 (en) * 2016-01-18 2020-12-09 日本電信電話株式会社 Concealment decision tree calculation system, equipment, method and program
JP6493885B2 (en) 2016-03-15 2019-04-03 富士フイルム株式会社 Image alignment apparatus, method of operating image alignment apparatus, and image alignment program
JP7099305B2 (en) 2018-12-20 2022-07-12 富士通株式会社 Communication equipment, communication methods, and communication programs

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005209118A (en) * 2004-01-26 2005-08-04 Nippon Telegr & Teleph Corp <Ntt> Information distributed storage system, overall authentication server device used therefor, authentication server device, distributed storage server device, and information distributed storage method
JP2007102672A (en) * 2005-10-07 2007-04-19 Toppan Nsw:Kk Data backup device, data backup method and program
JP2009010531A (en) * 2007-06-26 2009-01-15 Toshiba Corp Security distribution device, method, and program

Also Published As

Publication number Publication date
JP2013020313A (en) 2013-01-31
JP4860779B1 (en) 2012-01-25

Similar Documents

Publication Publication Date Title
US11108753B2 (en) Securing files using per-file key encryption
US9667416B1 (en) Protecting master encryption keys in a distributed computing environment
CN111488598B (en) Access control method, device, computer equipment and storage medium
CN103563278B (en) Securing encrypted virtual hard disks
US9954680B1 (en) Secure management of a master encryption key in a split-key based distributed computing environment
EP3216188B1 (en) Roaming content wipe actions across devices
US8984611B2 (en) System, apparatus and method for securing electronic data independent of their location
WO2013008351A1 (en) Data distributed storage system
CN104618096B (en) Protect method, equipment and the TPM key administrative center of key authorization data
JP4875781B1 (en) Distributed data storage system
US9363247B2 (en) Method of securing files under the semi-trusted user threat model using symmetric keys and per-block key encryption
WO2013006296A1 (en) Methods and apparatus for secure data sharing
CN104520873A (en) Systems and methods for securing and restoring virtual machines
CN101605137A (en) Safe distribution file system
WO2017033442A1 (en) Information processing device, authentication system, authentication method, and recording medium for recording computer program
CN102833256A (en) Method and cloud system for registering cluster control server and node control server
JP4133215B2 (en) Data division method, data restoration method, and program
CN105518696A (en) Performing an operation on a data storage
Varghese et al. Integrity verification in multi cloud storage
KR102413497B1 (en) Systems and methods for secure electronic data transmission
CN107317823A (en) Encryption method and system in a kind of cloud storage system
CN111651776A (en) Access control record storage method and device
Katre et al. Trusted third party for data security in cloud environment
JP6293617B2 (en) Authentication control system, control server, authentication control method, program
JP5778018B2 (en) Electronic data management system and electronic data management method

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 11869280; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 11869280; Country of ref document: EP; Kind code of ref document: A1)