WO2013065135A1 - Data sharing system - Google Patents


Info

Publication number: WO2013065135A1
Authority: WO (WIPO, PCT)
Application number: PCT/JP2011/075213
Prior art keywords: data, divided data, divided, original data, server
Other languages: French (fr), Japanese (ja)
Inventors: 佐藤 敦 (Atsushi Sato), 壮一 最首 (Soichi Saishu)
Original assignee: 株式会社野村総合研究所 (Nomura Research Institute, Ltd.)
Application filed by 株式会社野村総合研究所
Priority to PCT/JP2011/075213 (WO2013065135A1)
Priority to PCT/JP2012/077462 (WO2013065545A1)
Publication of WO2013065135A1

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L 9/085: Secret sharing or secret splitting, e.g. threshold schemes
    • H04L 2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication (H04L 9/00)
    • H04L 2209/60: Digital content management, e.g. content distribution

Definitions

  • The present invention relates to a technique for sharing data among a plurality of users, and in particular to a data sharing system in which original data is divided by a secret sharing method into divided data that is distributed and stored on a plurality of servers or the like, and other users share the original data by restoring it from that divided data.
  • With so-called thin clients, data including important data is not kept on the terminal but in an external data center or server where security measures are in place, which is expected to reduce the risk of information leakage when a terminal is lost.
  • It has also been proposed not to store the important data as-is on the external server or the like, but to use the secret sharing technique described in, for example, Non-Patent Document 1 to divide it into pieces of non-important data that are meaningless on their own (the important data can be neither restored nor inferred from any one of them) and to store these pieces on a plurality of external servers. This reduces the risk of information leakage even when the storage is a virtual data center or virtual server in a cloud computing environment.
  • If each user has to manage the divided data individually, however, convenience suffers. The user would have to know how many pieces of divided data were generated from the original data, the file name of each piece, and which server each piece is stored on, and would have to specify each storage server when restoring the original data. Forcing such operations on the user is impractical.
  • The system therefore performs the secret sharing processing (dividing and restoring the original data) that takes place when the original data is stored or referenced, the distributed storage of the generated divided data, and the collection of the divided data automatically, so that these parts of the process are concealed from the user.
  • Specifically, the information processing apparatus that performs the secret sharing processing of dividing a user's original data into a plurality of divided data (each user's client terminal, or a specific management server such as a file server) stores management information that includes location information indicating on which server or the like each piece of divided data is stored (hereinafter "distributed management information").
  • The distributed management information is associated with, for example, a dummy file representing the original data, and the user performs operations such as reference and editing on the dummy file.
  • On receiving an operation request for the original data from the user via the dummy file, the information processing apparatus refers to the distributed management information to identify the servers or the like holding the necessary divided data, accesses those servers directly, collects the necessary divided data and restores the original data. As a result, the user can access original data that is distributed and stored as a plurality of pieces of divided data through an interface similar to normal file operations.
  • For example, Patent Document 1 describes an information management computer that stores tally folders A, B, ... for storing tally files, a restoration destination folder for storing restored files, a tally object folder containing tally object files, and a tally engine folder containing a restoration engine program and a division engine program.
  • Tally object files A, B, ... hold tally parameters including information on the decoding boundary (the range that the tally application can read), the tally file names and storage locations, and object information for the restoration destination folder. The tally files are collected directly based on the stored locations and the decoding boundary, the restored file is generated, and the restored file is stored and opened.
  • Patent Document 1 thus describes a distributed information file management means that locates the divided files efficiently and restores the original data.
  • By dividing the original data into a plurality of divided data by secret sharing and storing them in a distributed manner, the original data can be stored securely while its availability is increased. It is also desirable to share original data that is distributed and stored on servers or the like as a plurality of divided data with other users, in the same way that a normal file placed on a file server rather than on the local client terminal is shared.
  • When the shared original data is only referenced and never edited or updated, this is relatively easy, as with normal file sharing: the distributed management information and dummy file generated when the original data was divided by the secret sharing method (the tally object file in the example of Patent Document 1) are synchronized, online or offline, between the creator of the original data and the sharer, and the sharer can then collect the necessary divided data based on the synchronized distributed management information and restore and refer to the original data.
  • When a sharer edits or updates the original data, however, the edited original data is divided anew and new divided data and new distributed management information are generated, so the distributed management information held by each sharer specifies different versions of divided data for the same original data. A sharer other than the one who performed the edit cannot tell that an edit has been made, restores the original data as it was before the edit from the distributed management information that sharer holds, and consistency of the original data among the sharers cannot be maintained. To solve this, the distributed management information corresponding to the edited original data has to be re-synchronized among the sharers.
  • An object of the present invention is therefore to provide a data sharing system that divides original data into a plurality of divided data by a secret sharing method and distributes them over a plurality of servers or the like, so that the original data is stored securely and shared among a plurality of users, and that allows the original data to be edited and updated without re-synchronizing the distributed management information or the like.
  • A data sharing system according to a representative embodiment of the present invention comprises a plurality of servers having storage devices and an information processing apparatus connected to each of the servers via a network; the information processing apparatus divides original data into n pieces of divided data by a (k, n) threshold secret sharing method and stores them in a distributed manner in the storage devices of the servers. The system has the following characteristics.
  • The information processing apparatus divides the original data by the (k, n) threshold secret sharing method into (n-1) first divided data and one second divided data, transmits the (n-1) first divided data to (n-1) different servers, and holds the second divided data on the information processing apparatus itself. The (k, n) threshold secret sharing method generates the second divided data so that it has the same value every time, even when the contents of the original data are updated.
  • Each server includes a distributed storage unit that stores the first divided data transmitted from the information processing apparatus in its storage device.
  • According to the representative embodiment, in a mechanism that stores original data securely by dividing it into a plurality of divided data by the secret sharing method and distributing them over a plurality of servers or the like, original data shared among a plurality of users can be edited and updated without re-synchronizing the distributed management information or the like.
  • As noted above, dividing the original data into a plurality of divided data by the secret sharing method and storing them in a distributed manner stores the original data securely while increasing its availability. When the shared data is only referenced and never edited or updated, sharing is relatively easy, as with normal file sharing: the distributed management information and dummy file generated when the original data was divided by the secret sharing method are synchronized, online or offline, between the creator of the original data and the sharer, and the sharer can then collect the necessary divided data based on the synchronized distributed management information and restore and refer to the original data.
  • FIG. 5 shows an outline of sharing with editing and updating of original data in the conventional technique. When the user of client terminal A (100a) stores original data 150a (version 1), it is divided into n pieces of divided data 152a (version 1), four in the example of FIG. 5, by for example the (k, n) threshold secret sharing method, and these are distributed and stored on n servers 200. For convenience of explanation the figure shows the pieces of divided data 152a stored together in one server 200, but in reality each piece is stored on a different one of n servers 200.
  • Client terminal A (100a) identifies each piece of divided data 152a corresponding to original data 150a and generates distributed management information 151a (version 1) including the location of each piece. The distributed management information 151a may be associated with a dummy file corresponding to original data 150a (for example a so-called shortcut or alias for original data 150a). This distributed management information 151a is synchronized with another client terminal B (100b), either online, by transmission via network 300, or offline, by handing it to the user of client terminal B (100b) manually.
  • Client terminal B (100b), having synchronized distributed management information 151a, refers to it on a request from the user or the like, acquires k or more pieces of divided data 152a from the servers 200 on which they are stored, and restores original data 150a by the (k, n) threshold secret sharing method from the k or more pieces collected.
  • The user of client terminal B (100b) then edits or updates original data 150a with a predetermined application or the like, obtaining edited original data 150b (version 2). When it is stored, original data 150b is divided into n pieces (four in the example of FIG. 5) of divided data 152b (version 2) by, for example, the (k, n) threshold secret sharing method, and these are distributed over n servers 200, which may be partly or entirely different from the n servers 200 holding divided data 152a (version 1). Client terminal B (100b) identifies each piece of divided data 152b corresponding to original data 150b and generates distributed management information 151b (version 2) including their locations. Client terminal A (100a), which still holds distributed management information 151a (version 1), cannot restore the latest original data 150b until 151b is synchronized to it.
  • In the data sharing system according to the present embodiment, by contrast, when original data 150 is divided into a plurality of divided data 152 by the (k, n) threshold secret sharing method, the pieces are generated so that one of them always has the same value, even after the content of original data 150 has been changed by editing or updating.
  • This piece, generated so as to have the same value each time (hereinafter sometimes "fixed divided data"), is not distributed to the servers 200 but is held on each client terminal 100 that divided original data 150 into divided data 152 by the secret sharing process, and is shared among the plurality of users.
  • Each client terminal 100 can then collect the divided data 152 corresponding to its fixed divided data (that is, the latest version of divided data 152) from the servers 200 and restore the latest version of original data 150, without the re-synchronization of distributed management information 151 that editing or updating of original data 150 would otherwise require.
  • FIG. 2 shows an outline of sharing with editing or updating of original data in the data sharing system according to an embodiment of the present invention. When the user of client terminal A (100a) stores original data 150a (version 1), it is divided into n pieces of divided data in total: (n-1) pieces of divided data 152a (version 1), three in the example of FIG. 2, and one piece of fixed divided data 153.
  • Fixed divided data 153 is generated so as to have the same value every time, even when the content of original data 150a is changed by editing or updating.
  • The (n-1) pieces of divided data 152a among the n generated pieces are distributed and stored on a plurality of servers 200. The figure shows them together in one server 200 for convenience, but each piece is actually stored on a different one of (n-1) servers 200.
  • Client terminal A (100a) holds fixed divided data 153, which may be associated with a dummy file corresponding to original data 150a (for example a so-called shortcut or alias for original data 150a).
  • Fixed divided data 153 is synchronized with the other client terminal B (100b), either online, by transmission via network 300, or offline, by handing it to the user of client terminal B (100b) manually. If client terminal B (100b) already holds fixed divided data 153 from an earlier synchronization, no re-synchronization is needed.
  • Client terminal B (100b), holding fixed divided data 153, on a request from the user or the like acquires from the servers 200 (k-1) or more pieces of divided data 152a corresponding to fixed divided data 153, and restores original data 150a by the (k, n) threshold secret sharing method from the k or more pieces in total: the (k-1) or more collected pieces of divided data 152a plus the one piece of fixed divided data 153 it holds.
  • The user of client terminal B (100b) edits or updates original data 150a with a predetermined application or the like, obtaining edited original data 150b (version 2). When it is stored, original data 150b is divided, for example by the (k, n) threshold secret sharing method, into n pieces in total: (n-1) pieces of divided data 152b (version 2), three in the example of FIG. 2, and one piece of fixed divided data 153. As described above, the value of fixed divided data 153 is unchanged from the fixed divided data 153 of the version before editing.
  • The (n-1) pieces of divided data 152b are distributed and stored on (n-1) servers 200, which may be partly or entirely different from the (n-1) servers 200 holding divided data 152a (version 1). Client terminal B (100b) holds fixed divided data 153, which may be associated with a dummy file or the like corresponding to original data 150b.
  • Since the fixed divided data 153 held by client terminal A (100a) is identical to that on client terminal B (100b), client terminal A (100a) can identify and collect the latest divided data 152b (version 2) corresponding to its fixed divided data 153 and restore the latest original data 150b (version 2) without any re-synchronization. For this to work, the old version of divided data 152a must be deleted from each server 200: generation (version) management cannot be performed, and each server 200 must always hold only the latest version of divided data 152.
  • FIG. 1 shows an outline of a configuration example of a data sharing system according to an embodiment of the present invention. In data sharing system 1, a plurality of client terminals 100 sharing original data 150 (two in the example of FIG. 1, client terminal A (100a) and client terminal B (100b)) and a plurality of servers 200 are connected via a network 300 such as the Internet.
  • Client terminal 100 is an information processing apparatus, such as a PC or portable terminal, used by the user to create, edit and store original data 150 including important data. It has a division processing unit 110 (110a, b), a distributed processing unit 120 (120a, b), a restoration processing unit 130 (130a, b) and an interface unit 140 (140a, b), implemented by software programs running on an OS (not shown), and holds the fixed divided data 153 generated from original data 150 by division processing unit 110 on a storage device such as an HDD (hard disk drive, not shown).
  • Division processing unit 110 divides original data 150 that the user has instructed, via interface unit 140 described later, to store securely into (n-1) pieces of divided data 152, to be distributed over the servers 200, and one piece of fixed divided data 153, held on client terminal 100, by for example a (k, n) threshold secret sharing method (k ≤ n) according to a predetermined procedure.
  • The secret sharing algorithm is not particularly limited and a known method can be used, provided that, as described above, it can generate one piece of fixed divided data 153 that has the same value every time, even after original data 150 has been edited or updated.
  • Such a function can be realized relatively easily. For example, in a threshold scheme of the kind in which the original data determines a straight line and each piece of divided data is a point on it, the point at one specific, predetermined coordinate is taken as fixed divided data 153 (that is, the line is selected so that it passes through that fixed point), and the other two pieces of divided data 152 are determined from the coordinates of two other points on the selected line.
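  • The fixed-share construction just described, worked through in code. This is an added example and not the patent's own code: it uses a Shamir-type polynomial scheme over the prime field GF(2^255 - 19) with 31-byte chunks, reserves the x-coordinate 1 for fixed divided data 153, and derives that share's y-values from a 32-byte seed with SHA-256 so that one seed covers a file of any length; none of these choices come from the page. The top polynomial coefficient is solved for rather than drawn at random, so that every version's polynomial passes through the same fixed point, which is exactly what makes the client-held share identical across versions. The block also includes the check a practitioner wants: any k server shares reconstruct the data on their own, so the fixed share is only necessary when k = n.

```python
"""Shamir-type (k, n) sharing with one share pinned to a fixed value, so that
re-sharing an edited file reproduces the same client-held share. Added example
for the construction described above, not code from the patent. Assumed here,
not taken from the page: the prime field GF(2^255 - 19), 31-byte chunking, and
deriving the fixed share's y-values from a 32-byte seed with SHA-256 so that
one seed covers a file of any length."""
import hashlib
import secrets

P = 2**255 - 19   # field prime; every 31-byte chunk is an integer below P
CHUNK = 31
X_FIXED = 1       # x-coordinate reserved for the fixed divided data (153)

def _fixed_y(seed: bytes, idx: int) -> int:
    """y-value of the fixed share for chunk idx (seed-derived; an assumption)."""
    h = hashlib.sha256(seed + idx.to_bytes(8, "big")).digest()
    return int.from_bytes(h, "big") % P

def _eval(coeffs: list, x: int) -> int:
    """coeffs[0] + coeffs[1]*x + ... evaluated at x by Horner's rule, mod P."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc

def _interpolate_at_zero(points: list) -> int:
    """Lagrange interpolation: value at x = 0 of the polynomial through points."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total

def new_fixed_share() -> bytes:
    """Made once per file, synchronised to every sharer, never sent to a server."""
    return secrets.token_bytes(32)

def split(data: bytes, k: int, n: int, fixed_seed: bytes) -> list:
    """Divide data into the (n-1) server shares; the n-th share is the fixed one."""
    if not 2 <= k <= n:
        raise ValueError("need 2 <= k <= n")
    chunks = [data[i:i + CHUNK] for i in range(0, len(data), CHUNK)] or [b""]
    shares = [{"x": x, "y": [], "length": len(data)} for x in range(2, n + 1)]
    for idx, chunk in enumerate(chunks):
        coeffs = [int.from_bytes(chunk, "big")] + [secrets.randbelow(P) for _ in range(k - 2)]
        # The top coefficient is solved for, not drawn at random, so that
        # p(X_FIXED) equals the seed-derived value whatever the secret is.
        gap = (_fixed_y(fixed_seed, idx) - _eval(coeffs, X_FIXED)) % P
        coeffs.append(gap * pow(pow(X_FIXED, k - 1, P), P - 2, P) % P)
        for sh in shares:
            sh["y"].append(_eval(coeffs, sh["x"]))
    return shares

def _recover(point_lists: list, length: int) -> bytes:
    out = bytearray()
    for idx, pts in enumerate(point_lists):
        out += _interpolate_at_zero(pts).to_bytes(min(CHUNK, length - idx * CHUNK), "big")
    return bytes(out)

def reconstruct(fixed_seed: bytes, server_shares: list, k: int) -> bytes:
    """Restore from (k-1) server shares plus the client's fixed share (step S16)."""
    if len(server_shares) < k - 1:
        raise ValueError(f"need {k - 1} server shares, got {len(server_shares)}")
    use = server_shares[:k - 1]
    pts = [[(X_FIXED, _fixed_y(fixed_seed, i))] + [(sh["x"], sh["y"][i]) for sh in use]
           for i in range(len(use[0]["y"]))]
    return _recover(pts, use[0]["length"])

def reconstruct_servers_only(server_shares: list, k: int) -> bytes:
    """Caveat: any k server shares recover the data with no fixed share at all.
    Only k = n leaves the servers one share short of the threshold."""
    if len(server_shares) < k:
        raise ValueError(f"need {k} server shares, got {len(server_shares)}")
    use = server_shares[:k]
    pts = [[(sh["x"], sh["y"][i]) for sh in use] for i in range(len(use[0]["y"]))]
    return _recover(pts, use[0]["length"])

def demo(k: int = 3, n: int = 4) -> tuple:
    """A stores v1, B restores and edits, re-stores v2; A restores v2 with its old fixed share."""
    fixed = new_fixed_share()                       # synchronised A -> B once
    v1 = b"version 1 of the shared document (constructed sample text)"
    on_servers = split(v1, k, n, fixed)             # (n-1) shares go to servers
    at_b = reconstruct(fixed, on_servers, k)
    on_servers = split(at_b + b" + edit by B", k, n, fixed)   # overwrites old shares
    at_a = reconstruct(fixed, on_servers, k)        # no resynchronisation needed
    return at_b, at_a, reconstruct_servers_only(on_servers, k)
```

  • The caveat in reconstruct_servers_only() matters for the threat model on this page: with (n-1) shares on the servers and a threshold k ≤ n-1, colluding servers (or an attacker who reaches k of them) recover the original data without the fixed divided data at all; k = n keeps the servers one share short of the threshold, at the cost that every server must be reachable to restore.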
  • Distributed processing unit 120 transmits the (n-1) pieces of divided data 152 generated from original data 150 by division processing unit 110 to the servers 200 under predetermined conditions based on setting information (not shown).
  • The setting information includes, for example, access information (IP address, host name and the like) for each server 200 that serves as a distributed storage destination and, when there are more than (n-1) servers 200, the criteria and conditions for selecting (n-1) of them (for example server priorities, an ordered list, or a rotation method). It can be set in advance in a file, a registry or the like.
  • When restoration processing unit 130, described later, restores original data 150, distributed processing unit 120 also collects, at its request, m pieces of divided data 152 corresponding to original data 150 from the servers 200, where (k-1) ≤ m ≤ (n-1), and passes them to restoration processing unit 130. In the present embodiment it does so by inquiring of each server 200, based on the fixed divided data 153 corresponding to original data 150, whether that server holds corresponding divided data 152, and collecting the divided data 152 from each server 200 that does.
  • Restoration processing unit 130 requests from distributed processing unit 120, and acquires, the (k-1) or more pieces of divided data 152 needed to restore the original data 150 that the user, via interface unit 140, has instructed to be used for reference or editing, and restores original data 150 by the (k, n) threshold secret sharing method from the k or more pieces in total: the (k-1) or more acquired pieces of divided data 152 plus the one piece of fixed divided data 153 it holds.
  • Interface unit 140 provides the user interface of client terminal 100, such as screen display, and input/output functions such as data transmission and reception. The user can use the functions of client terminal 100 through, for example, the file management screen of a general OS.
  • When the user saves important data as original data 150 through the file management screen, division processing unit 110 and distributed processing unit 120 automatically divide it into (n-1) pieces of divided data 152 and one piece of fixed divided data 153 and store the divided data 152 on the servers 200 or the like, without the user being aware of it.
  • Original data 150 is then deleted from client terminal 100. So that the user need not be aware of this on the file management screen, a dummy file or the like from which the fixed divided data 153 corresponding to original data 150 can be identified may be created and left in its place.
  • The user references or edits original data 150 by operating the dummy file of original data 150, managed in a specific folder on the file management screen. Distributed processing unit 120 and restoration processing unit 130 then automatically collect from the servers 200 the m corresponding pieces of divided data 152, where (k-1) ≤ m ≤ (n-1), based on the fixed divided data 153 identified by the dummy file or the like, restore original data 150 from these and fixed divided data 153, and make it available to the user.
  • When the fixed divided data 153 generated from original data 150 on client terminal A (100a) is synchronized to the other client terminal B (100b), online or offline, a dummy file or the like for that fixed divided data 153 is newly generated on client terminal B (100b). Client terminal B (100b) can then reference and edit the corresponding original data 150 by the same operations via the dummy file or the like, so original data 150 is shared between client terminal A (100a) and client terminal B (100b).
  • Instead of a dummy file, fixed divided data 153 may be used as-is, and original data 150 restored and made available to the user in response to an operation instruction from the user.
  • In the present embodiment each client terminal 100 individually performs the division and restoration of original data 150 by the secret sharing method and the distributed storage on the servers 200, but these processes may instead be executed collectively on a specific server, such as a file server that stores original data 150.
  • Server 200 is an information processing apparatus having a storage device such as an HDD (not shown) that can store the divided data 152 transmitted from client terminal 100, for example a file server or storage server. It may also be a data center having such information processing apparatuses, or a virtual server or virtual data center provided by a cloud computing service.
  • Server 200 includes, for example, a distributed storage unit 210 implemented by a software program running on an OS (not shown).
  • Distributed storage unit 210 stores the divided data 152 transmitted from client terminal 100 in the storage device. In response to an inquiry about divided data 152 from client terminal 100, it searches whether it holds divided data 152 corresponding to the designated fixed divided data 153 and, if so, returns that divided data 152 to client terminal 100. At this time the divided data 152 may be deleted from the storage device, so that no old version of divided data 152 is left behind.
  • Any appropriate method can be used to determine whether stored divided data 152 corresponds to the designated fixed divided data 153. For example, when original data 150a is divided into fixed divided data 153 and divided data 152a on client terminal A (100a), a file ID identifying original data 150 can be added to the header of fixed divided data 153 and of each piece of divided data 152a, and divided data 152 having the same file ID as the fixed divided data 153 can then be searched for.
  • FIG. 3 shows an outline of the flow of processing when original data 150 is stored from client terminal 100. First, on client terminal A (100a), division processing unit 110a divides original data 150 by the secret sharing method into (n-1) pieces of divided data 152 and one piece of fixed divided data 153 (S01), for example by the (k, n) threshold secret sharing method.
  • Next, distributed processing unit 120a transmits the (n-1) pieces of divided data 152 to (n-1) different servers 200 determined by a predetermined rule (S02). FIG. 3 shows an example in which divided data 152 is transmitted to server A (200a) and server B (200b).
  • Each server 200 that receives divided data 152 stores it in its storage device by distributed storage unit 210 (S03) and returns the processing result to client terminal A (100a).
  • Distributed processing unit 120a then determines whether all (n-1) pieces of divided data 152 were stored normally on the servers 200 (S04). If any of the (n-1) pieces could not be stored normally, an error may be reported to the user via interface unit 140a, and the preceding series of processes may be rolled back. Alternatively, even when some divided data 152 was not stored normally, no error need be raised as long as the storage of (k-1) or more pieces of divided data 152 completed normally, since original data 150 can still be restored.
  • Finally, division processing unit 110a stores the fixed divided data 153 generated in step S01 in a storage device or the like (S05). At this time a dummy file from which the fixed divided data 153 corresponding to original data 150 can be identified may be generated, and the divided data 152 distributed to the servers 200 may be deleted from the storage device of client terminal A (100a). Moreover, the fixed divided data 153 may be synchronized (transmitted)
  • FIG. 4 shows an outline of the flow of processing when original data 150 is restored on client terminal 100. First, on client terminal B (100b), the user references (or edits or updates) original data 150 by operating the dummy file via interface unit 140b, and restoration processing unit 130b acquires the fixed divided data 153 corresponding to the target original data 150 from the storage device (S11). The corresponding fixed divided data 153 is identified from information such as the dummy file the user operated.
  • Next, distributed processing unit 120b inquires of each server 200 whether it holds divided data 152 corresponding to fixed divided data 153 (S12). For example, an inquiry message is broadcast to each server 200 (or multicast to the servers 200 within a predetermined range). FIG. 4 shows an example in which the inquiry is broadcast (or multicast) to each server 200, including server A (200a) and server B (200b).
  • On each server 200 that receives the inquiry, distributed storage unit 210 searches whether it holds divided data 152 corresponding to the fixed divided data 153 (S13); for example, as described above, it searches for divided data 152 whose header carries the same file ID, identifying original data 150, as the header of the fixed divided data 153.
  • Where corresponding divided data 152 is held, as on server A (200a), it is transmitted to client terminal B (100b) (S14). Where it is not, as on server B (200b), that fact may be reported to client terminal B (100b).
  • Distributed processing unit 120b then determines whether the number m of pieces of divided data 152 it could collect is at least the (k-1) needed to restore original data 150 (S15). If (k-1) or more pieces could not be collected, an error may be reported to the user via interface unit 140b.
  • If (k-1) or more pieces were collected, restoration processing unit 130b restores original data 150 by the (k, n) threshold secret sharing method from the collected (k-1) or more pieces of divided data 152 and the fixed divided data 153 acquired in step S11 (S16). The original data 150 restored here is the latest version, as shown in FIG. 2. It is presented to the user via interface unit 140b, and the user can reference, edit and update it.
  • When original data 150 is stored again after editing or updating, it is divided anew by secret sharing and the divided data 152 is distributed to the servers 200 by the series of processes shown in FIG. 3. As a result, the user of client terminal A (100a) can also restore the latest version of original data 150 from the fixed divided data 153 held on client terminal A (100a) and reference or edit it, so original data 150 is shared between client terminal A (100a) and client terminal B (100b).
  • In the data sharing system 1, when the original data 150 is divided into the plurality of pieces of divided data 152 by the (k, n) threshold secret sharing method, the fixed divided data 153 is generated so that it always has the same value, even when the content of the original data 150 changes through editing or updating.
  • The fixed divided data 153 is not stored in a distributed manner on the servers 200; it is held on each client terminal 100 that divided the original data 150 into the divided data 152 by secret sharing, and it is shared among the plurality of users.
  • Using the fixed divided data 153, each client terminal 100 can collect the corresponding divided data 152 from the servers 200 without the re-synchronization processing that editing or updating of the original data 150 would otherwise entail.
  • The latest version of the original data 150 can therefore be restored, and sharing of the original data 150 is realized.
  • The present invention is applicable to a data sharing system in which original data is shared by other users restoring it from divided data that was generated from the target original data by a secret sharing method and stored in a distributed manner on a plurality of servers.
  • Reference signs: 1: data sharing system; 100 (100a, 100b): client terminal; 110 (110a, 110b): division processing unit; 120 (120a, 120b): distributed processing unit; 130 (130a, 130b): restoration processing unit; 140 (140a, 140b): interface unit; 150 (150a, 150b): original data; 151 (151a, 151b): distributed management information; 152 (152a, 152b): divided data; 153: fixed divided data; 200: server; 210: distributed storage unit; 300: network.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A data sharing system in which processing such as editing can be performed on original data shared between a plurality of users, within a structure in which the original data is divided into a plurality of pieces of divided data by a secret sharing scheme and stored in a distributed manner on a plurality of servers or the like. A representative embodiment has a plurality of servers (200) and a client terminal (100) that divides the original data into n pieces of divided data by a (k, n) threshold secret sharing scheme and stores each piece in a distributed manner on (n − 1) servers (200). The client terminal (100) has a division processing unit (110) that divides the original data into (n − 1) pieces of divided data (152) and one piece of fixed divided data (153) and holds the fixed divided data (153) on the client terminal (100), and a distributed processing unit (120) that sends the (n − 1) pieces of divided data (152) to the (n − 1) servers (200); the (k, n) threshold secret sharing scheme is implemented so as to generate the fixed divided data (153) with the same value each time, even if the content of the original data is updated.

Description

Data sharing system
 The present invention relates to a technique for sharing data among a plurality of users, and in particular to a technique that is effective when applied to a data sharing system in which other users share original data by restoring it from divided data that was generated from the target original data by a secret sharing method and stored in a distributed manner on a plurality of servers or the like.
 In recent years, from the viewpoint of information security, the handling of data such as files held and processed on information processing apparatuses such as PCs (personal computers) used by users has come to be regarded as important. In particular, for notebook PCs and for portable terminals such as the so-called smartphones and tablet PCs whose business use is expanding, the risk of information leakage resulting from theft or loss of the terminal itself must be taken into account.
 One way to reduce the risk of information leakage from a lost terminal is the so-called thin client approach, in which data held on the terminal, including important data, is stored in an external data center, server or the like to which security measures have been applied. It has also been proposed that, rather than storing the important data as-is on the external server, the so-called secret sharing technique described for example in Non-Patent Document 1 be used to divide the important data into non-important pieces that are meaningless by themselves (from which the important data can be neither restored nor inferred), and to store those pieces in a distributed manner on a plurality of external servers or the like. This makes it possible to reduce the risk of information leakage even when the data is stored, for example, in a virtual data center or virtual server in a cloud computing environment.
 In addition, when important data is divided into a plurality of pieces of divided data by secret sharing, the original important data can be restored as long as a predetermined number of pieces can be collected, even if some of them have been lost; this also improves the availability of the data. For example, when important data is divided into n pieces by so-called (k, n) threshold secret sharing, the important data can be restored if k or more pieces can be collected; in other words, the loss of up to (n − k) pieces can be tolerated. Taking advantage of this high availability, it is also being considered to store the divided data in a distributed manner at a plurality of remote sites, so that it serves as a backup that also takes disaster countermeasures into account.
 In a mechanism such as the above, in which a plurality of pieces of divided data obtained by dividing the original data with a secret sharing technique are stored in a distributed manner on a plurality of servers or the like, having each user manage the divided data individually reduces convenience. For example, it is impractical to require users to keep track of the number of pieces generated from the original data, their respective file names and the server on which each piece is stored, and to retrieve the pieces needed to restore the original data by identifying the server or the like on which each one is stored.
 Usually, therefore, the system automatically performs the secret sharing processing (division and restoration of the original data) that takes place when the original data is stored or referenced, as well as the distributed storage of the generated pieces and their collection, so that these parts of the processing are hidden from the user.
 For example, the information processing apparatus that performs the secret sharing processing dividing a user's original data into a plurality of pieces, such as each user's client terminal or a specific management server such as a file server, holds management information (hereinafter sometimes called "distributed management information") that includes the location of each generated piece, that is, the server or the like on which it was stored. This distributed management information is associated with, for example, a dummy file that represents the original data, and the user performs operations such as reference and editing on that dummy file.
 On receiving an operation request for the original data from the user via the dummy file, the information processing apparatus refers to the distributed management information to identify the server or the like on which the required pieces are stored, accesses those servers directly, collects the required pieces and restores the original data. The user can thereby access original data that is stored in a distributed manner as a plurality of pieces through an interface like that of ordinary file operations.
 For example, Japanese Patent Application Laid-Open No. 2007-213405 (Patent Document 1) describes a distributed information file management means in which an information management computer is provided with tally folders A, B, ... that hold tally files, a restoration destination folder that holds restored files, a tally object folder that holds tally object files, and a tally engine folder that holds a restoration engine program and a division engine program; tally parameters including information on the decoding boundary (the range the tally application is allowed to read), together with the tally file names, their storage locations and object information for the restoration destination folder, are stored in the tally object files A, B, ...; and the tally files are collected directly on the basis of their storage locations and the decoding boundary, the restored file is generated, stored in the restoration destination folder and opened, so that the distributed files produced by the secret sharing method are located efficiently and the original data is restored.
JP 2007-213405 A
 In the prior art, the original data can be stored securely while increasing availability by dividing it into a plurality of pieces by secret sharing and storing these in a distributed manner. Here, just as an ordinary file is shared with other users by placing it on a file server or the like rather than on the local client terminal, there will naturally be a desire to share with other users the original data that is stored on servers or the like in a distributed manner as a plurality of pieces.
 If the sharing is read-only, with no editing or updating of the original data, it can be realized relatively easily in the prior art, as in the case of ordinary file sharing. For example, the distributed management information, dummy file or the like generated when the original data was divided by the secret sharing method (in the example of Patent Document 1, the tally object file) is synchronized online or offline between the creator of the original data and the sharer. The sharer can then collect the required pieces on the basis of the synchronized distributed management information, and restore and reference the original data.
 In the prior art, however, it is difficult to realize sharing that involves editing or updating of the original data while maintaining consistency. For example, when sharing is achieved by synchronizing the distributed management information among a plurality of users as described above, if a sharer restores the original data from the synchronized distributed management information, edits it and then performs secret sharing and distributed storage again, the newly generated or updated pieces and the distributed management information will each differ from those before editing. Depending on the system configuration, the servers or the like on which the pieces are stored may also differ from those before editing.
 That is, the distributed management information held by each sharer now identifies a different version of the divided data for the same original data. Sharers other than the one who made the edit therefore cannot tell that an edit has been made, and restoring the original data from the distributed management information they hold yields the pre-edit original data, so consistency of the original data among the sharers can no longer be maintained. To resolve this, processing such as re-synchronizing the distributed management information corresponding to the edited original data among the sharers becomes necessary.
 An object of the present invention is therefore to provide a data sharing system which, in a mechanism that stores original data securely by dividing it into a plurality of pieces by a secret sharing method and storing these in a distributed manner on a plurality of servers or the like, allows the shared original data to be edited and updated when it is shared among a plurality of users, without requiring re-synchronization of the distributed management information or the like. The above and other objects and novel features of the present invention will become apparent from the description in this specification and the accompanying drawings.
 Of the inventions disclosed in this application, the outline of a representative one is briefly as follows.
 A data sharing system according to a representative embodiment of the present invention has a plurality of servers each having a storage device, and an information processing apparatus connected to each of the servers via a network, which divides original data into n pieces of divided data by a (k, n) threshold secret sharing method and stores each piece in a distributed manner on the storage devices of n of the servers; it has the following features.
 That is, the information processing apparatus has a division processing unit that divides the original data by the (k, n) threshold secret sharing method into (n − 1) pieces of first divided data and one piece of second divided data and holds the second divided data on the information processing apparatus, and a distributed processing unit that transmits the (n − 1) pieces of first divided data to (n − 1) different servers respectively; and the (k, n) threshold secret sharing method is implemented so as to generate the second divided data with the same value every time, even when the content of the original data has been updated. The server has a distributed storage unit that stores the first divided data transmitted from the information processing apparatus in its storage device.
 Of the inventions disclosed in this application, the effect obtained by a representative one is briefly as follows.
 According to a representative embodiment of the present invention, in a mechanism that stores original data securely by dividing it into a plurality of pieces by a secret sharing method and storing these in a distributed manner on a plurality of servers or the like, the shared original data can be edited and updated when it is shared among a plurality of users, without requiring re-synchronization of the distributed management information or the like.
FIG. 1 is a diagram outlining a configuration example of a data sharing system according to an embodiment of the present invention.
FIG. 2 is a diagram outlining an example of sharing that involves editing or updating of original data in an embodiment of the present invention.
FIG. 3 is a diagram outlining an example of the processing flow when original data is saved on a client terminal in an embodiment of the present invention.
FIG. 4 is a diagram outlining an example of the processing flow when original data is restored on a client terminal in an embodiment of the present invention.
FIG. 5 is a diagram outlining an example of sharing that involves editing or updating of original data in the prior art.
 Embodiments of the present invention are described in detail below with reference to the drawings. In all drawings used to describe the embodiments, the same parts are as a rule denoted by the same reference signs, and repeated description is omitted. In the following, the features of the present invention are described in comparison with the prior art to make them easier to understand.
 <Overview>
 As described above, in the prior art the original data can be stored securely while increasing availability by dividing it into a plurality of pieces by a secret sharing method and storing these in a distributed manner. When original data that is stored on servers or the like as a plurality of pieces is shared with other users, read-only sharing with no editing or updating of the original data can be realized relatively easily, as with ordinary file sharing. For example, the distributed management information, dummy file or the like generated when the original data was divided by the secret sharing method is synchronized online or offline between the creator of the original data and the sharer. The sharer can then collect the required pieces on the basis of the synchronized distributed management information, and restore and reference the original data.
 In the prior art, however, it is difficult to realize sharing that involves editing or updating of the original data while maintaining consistency. FIG. 5 outlines an example of sharing that involves editing or updating of original data in the prior art. In the example of FIG. 5, when the user of client terminal A (100a) saves original data 150a (version 1), the original data 150a is first divided into n pieces (four in the example of FIG. 5) of divided data 152a (version 1) by, for example, the (k, n) threshold secret sharing method, and these are stored in a distributed manner on n servers 200. For convenience of illustration the pieces 152a are drawn as if stored together on one server 200, but in reality each piece 152a is stored on a different one of the n servers 200.
 At this time, client terminal A (100a) generates, corresponding to the original data 150a, distributed management information 151a (version 1) that identifies each piece of divided data 152a and includes information on its location. The distributed management information 151a may be associated with a dummy file corresponding to the original data 150a (for example a so-called shortcut or alias for the original data 150a).
 The distributed management information 151a is then synchronized with the other client terminal B (100b). For example, the distributed management information 151a can be sent to client terminal B (100b) via the network 300 and synchronized online, or handed manually to the user of client terminal B (100b) and synchronized offline.
 Client terminal B (100b), having synchronized the distributed management information 151a, refers to it in response to a request from the user or the like and acquires and collects k or more pieces of divided data 152a from the servers 200 on which they are stored. It then restores the original data 150a from the k or more collected pieces 152a by the (k, n) threshold secret sharing method.
 The user of client terminal B (100b) then edits or updates the original data 150a with a predetermined application or the like to obtain the edited original data 150b (version 2). When this original data 150b is saved, it is likewise divided into n pieces (four in the example of FIG. 5) of divided data 152b (version 2) by, for example, the (k, n) threshold secret sharing method, and these are stored in a distributed manner on n servers 200. These n servers 200 may differ, in part or entirely, from the n servers 200 on which the divided data 152a (version 1) was stored. Client terminal B (100b) also generates, corresponding to the original data 150b, distributed management information 151b (version 2) that identifies each piece of divided data 152b and includes information on its location.
 In this state, what the distributed management information 151a (version 1) on client terminal A (100a) identifies is the divided data 152a (version 1), not the divided data 152b (version 2). Unlike client terminal B (100b), therefore, client terminal A (100a) cannot restore the latest original data 150b (version 2). To restore consistency, the distributed management information 151b generated on client terminal B (100b) must be synchronized to client terminal A (100a) again.
 The data sharing system according to an embodiment of the present invention therefore generates the pieces of divided data 152, when the original data 150 is divided into a plurality of pieces by the (k, n) threshold secret sharing method, so that one of the pieces always has the same value every time, even when the content of the original data 150 has been changed by editing or updating. This piece, generated so as to have the same value every time (hereinafter sometimes called "fixed divided data"), is not stored in a distributed manner on the servers 200; instead it is held on each client terminal 100 that divided the original data 150 into the divided data 152 by secret sharing, and it is shared among the plurality of users.
 By using this fixed divided data in place of the distributed management information 151, each client terminal 100 can collect the corresponding divided data 152 (that is, the latest version of the divided data 152) from the servers 200 and restore the latest version of the original data 150, without the re-synchronization of the distributed management information 151 that editing or updating of the original data 150 would otherwise entail.
 FIG. 2 outlines an example of sharing that involves editing or updating of original data in the data sharing system according to an embodiment of the present invention. In the example of FIG. 2, as in that of FIG. 5, when the user of client terminal A (100a) saves original data 150a (version 1), the original data 150a is first divided by, for example, the (k, n) threshold secret sharing method into a total of n pieces consisting of (n − 1) pieces (three in the example of FIG. 2) of divided data 152a (version 1) and one piece of fixed divided data 153. As described above, the fixed divided data 153 is a piece generated so as to have the same value every time, even when the content of the original data 150a has been changed by editing or updating.
 In the example of FIG. 2, of the n generated pieces, the (n − 1) pieces of divided data 152a are stored in a distributed manner on a plurality of servers 200. As in FIG. 5, the pieces 152a are drawn for convenience as if stored together on one server 200, but in reality each piece 152a is stored on a different one of (n − 1) servers 200. Client terminal A (100a) keeps the fixed divided data 153. The fixed divided data 153 may be associated with a dummy file corresponding to the original data 150a (for example a so-called shortcut or alias for the original data 150a).
 The fixed divided data 153 is then synchronized with the other client terminal B (100b). For example, the fixed divided data 153 can be sent to client terminal B (100b) via the network 300 and synchronized online, or handed manually to the user of client terminal B (100b) and synchronized offline. If client terminal B (100b) already has the fixed divided data 153, for example because it was synchronized in the past, no re-synchronization is needed.
 固定分割データ153の同期を行ったクライアント端末B(100b)では、ユーザからの要求等に基づいて、固定分割データ153に基づいて各サーバ200から対応する(k-1)個以上の分割データ152aを取得・収集する。さらに、収集した(k-1)個以上の分割データ152aと、自身が保持する1個の固定分割データ153からなる合計k個以上の分割データに基づいて、(k,n)閾値秘密分散法により元データ150aを復元する。 In the client terminal B (100b) that has synchronized the fixed division data 153, based on the request from the user, etc., the (k−1) or more division data 152a corresponding to each server 200 based on the fixed division data 153. Acquire and collect Further, based on the collected (k−1) or more pieces of divided data 152a and one piece of fixed divided data 153 held by itself, a total of k or more pieces of divided data, the (k, n) threshold secret sharing method Thus, the original data 150a is restored.
Several methods are conceivable for collecting the divided data 152a that corresponds to the fixed divided data 153, and any of them can be applied as appropriate. For example, when client terminal A (100a) divides the original data 150a into the fixed divided data 153 and the divided data 152a by the secret sharing method, information such as a file ID identifying the original data 150 is added to the header or the like of the fixed divided data 153 and of each piece of divided data 152a. The divided data 152a whose header contains the file ID matching the file ID in the header of the fixed divided data 153 can then be identified.
The user of client terminal B (100b) then edits or updates the original data 150a with a given application or the like to obtain the edited original data 150b (version 2). When this original data 150b is stored, it is likewise divided, for example by the (k,n) threshold secret sharing method, into a total of n pieces of divided data: (n-1) pieces (three in the example of FIG. 2) of divided data 152b (version 2) and one piece of fixed divided data 153. As described above, the value of this fixed divided data 153 is unchanged from the value of the fixed divided data 153 of the version before editing.
In the example of FIG. 2, (n-1) of the n generated pieces of divided data, the divided data 152b, are distributed across and stored in (n-1) servers 200. These (n-1) servers 200 may differ in part or in whole from the (n-1) servers 200 in which the divided data 152a (version 1) was stored. Client terminal B (100b) retains the fixed divided data 153. The fixed divided data 153 may at this point be associated with a dummy file or the like corresponding to the original data 150b.
In this state, unlike the example of FIG. 5, the fixed divided data 153 held at client terminal A (100a) has the same content as that held at client terminal B (100b). Client terminal A (100a) can therefore, without any resynchronization, use the fixed divided data 153 it already holds to identify and collect the corresponding latest divided data 152b (version 2) and restore the latest original data 150b (version 2). For this to work, the old-version divided data 152a must be deleted from each server 200. That is, generation (version history) management is not possible: each server 200 must always be in the state of holding only the latest version of the divided data 152.
<System configuration>
FIG. 1 is a diagram outlining a configuration example of a data sharing system according to an embodiment of the present invention. In the data sharing system 1, a plurality of client terminals 100 that share the original data 150 (two in the example of FIG. 1, client terminal A (100a) and client terminal B (100b)) and a plurality of servers 200 are connected to one another and able to communicate via a network 300 such as the Internet.
The client terminal 100 is an information processing apparatus such as a PC or portable terminal that a user uses to create, edit and store original data 150 consisting of important data or the like. It has, for example, a division processing unit 110 (110a, b), a distribution processing unit 120 (120a, b), a restoration processing unit 130 (130a, b) and an interface unit 140 (140a, b), implemented by software programs running on an OS (Operating System) (not shown). It also retains the fixed divided data 153 described above, generated from the original data 150 by the division processing unit 110, on a storage device such as an HDD (Hard Disk Drive) (not shown).
The division processing unit 110 takes original data 150 that the user has instructed, via the interface unit 140 described later, to be stored securely and divides it, following a predetermined procedure such as the (k,n) threshold secret sharing method (k ≤ n), into (n-1) pieces of divided data 152 to be stored across the servers 200 and one piece of fixed divided data 153 to be retained on the client terminal 100. The secret sharing algorithm is not particularly limited and a known method can be used, but, as described above, it must have the property of generating one piece of fixed divided data 153 that takes the same value every time, even when the original data 150 is edited or updated.
In the commonly known secret sharing methods, the function of generating the fixed divided data 153 described above can be realized relatively easily. For example, in the case of a (2,3) threshold secret sharing method using a polynomial, on the straight line expressed by the equation y = ax + S, the value of the slope a is set so that, for the secret information S represented by the intercept, the line always passes through one specific coordinate. On this line, the divided data obtained from that specific coordinate is taken as the fixed divided data 153, and the other two pieces of divided data 152 are determined from the coordinates of two other randomly selected points on the line.
The distribution processing unit 120 sends each of the (n-1) pieces of divided data 152 generated from the original data 150 by the division processing unit 110 to a server 200 according to predetermined conditions based on the content of setting information (not shown), storing them in a distributed manner. The setting information may include, for example, access information (IP address, host name, etc.) for each server 200 used as a distributed storage destination and, when more than (n-1) servers 200 exist, the criteria and conditions for selecting (n-1) of them (for example, server 200 priorities, an ordered list, or a rotation method); such information can be set in advance in a file, registry or the like.
When the restoration processing unit 130 described later restores the original data 150, the distribution processing unit 120 also, on request from the restoration processing unit 130, collects from the servers 200 the m pieces ((k-1) ≤ m ≤ (n-1)) of divided data 152 needed to restore the original data 150 and passes them to the restoration processing unit 130. One way to collect the m pieces of divided data 152 is, as described above, to ask each server 200, based on the fixed divided data 153 corresponding to the original data 150, whether it holds the corresponding divided data 152, and to collect it from each server 200 that does.
If, because of a server 200 failure or the like, one or more of the (n-1) pieces of divided data 152 cannot be stored in a server 200 at distributed-storage time, or if (k-1) or more pieces cannot be collected at collection time, an error may be returned to the user. Further, when divided data 152 is sent to and received from the servers 200, the client terminal 100 and each server 200 may apply predetermined encryption to the divided data 152 before transmission, further reducing the risk of information leakage.
For original data 150 that the user, via the interface unit 140, has requested to use for reference, editing or the like, the restoration processing unit 130 requests and obtains from the distribution processing unit 120 the (k-1) or more pieces of divided data 152 needed to restore it. It then restores the original data 150, following a predetermined procedure such as the (k,n) threshold secret sharing method, from the total of k or more pieces of divided data consisting of the (k-1) or more obtained pieces of divided data 152 and the one piece of fixed divided data 153 it holds itself.
The interface unit 140 provides input/output functions such as the user interface (screen display and so on) of the client terminal 100 and data transmission and reception. The user can access the functions of the client terminal 100 through, for example, the file management screen of a general OS.
For example, on the file management screen the user moves important data to a specific folder or the like by a simple operation such as drag and drop. Triggered by this, the division processing unit 110 and the distribution processing unit 120 automatically treat the important data as original data 150, divide it into (n-1) pieces of divided data 152 and one piece of fixed divided data 153, and store the pieces of divided data 152 and the fixed divided data 153 across the servers 200 and so on without the user being aware of them. At this time the original data 150 is deleted from the client terminal 100, but so that the user is not aware of this, a dummy file or the like (not shown) corresponding to the original data 150 and able to identify the fixed divided data 153 may be created and left on the file management screen.
The user can also perform operations such as referencing and editing the original data 150 by operating the dummy file or the like of the original data 150 managed in a specific folder on the file management screen. That is, triggered by an operation on the dummy file or the like, the distribution processing unit 120 and the restoration processing unit 130 automatically collect m ((k-1) ≤ m ≤ (n-1)) corresponding pieces of divided data 152 from the servers 200 based on the fixed divided data 153 identified by the dummy file, restore the original data 150 from these and the fixed divided data 153, and make it available to the user.
As described later, the fixed divided data 153 generated from the original data 150 at, for example, client terminal A (100a) may be synchronized online or offline to another client terminal B (100b), and a dummy file or the like for that fixed divided data 153 newly created on client terminal B (100b). Operations such as referencing and editing the corresponding original data 150 can then be performed on client terminal B (100b) by the same operations on that dummy file, so the original data 150 can be shared with client terminal A (100a). Alternatively, without using a dummy file, the fixed divided data 153 may be used directly, and the original data 150 restored and made available to the user in response to the user's operation on it.
In the example of FIG. 1, each user's client terminal 100 individually performs the processing of dividing and restoring the original data 150 by the secret sharing method and storing the pieces across the servers 200, but this processing may instead be performed collectively on a specific server, such as a file server that stores the original data 150.
The server 200 is an information processing apparatus having a storage device such as an HDD (not shown) in which the divided data 152 sent from the client terminal 100 can be stored; it may be, for example, a file server or a storage server. It may also be a data center containing such information processing apparatuses, or a virtual server or virtual data center provided by a cloud computing service.
The server 200 has, for example, a distributed storage unit 210 implemented by a software program running on an OS (not shown). The distributed storage unit 210 stores the divided data 152 sent from the client terminal 100 in the storage device. In response to a query for divided data 152 from the client terminal 100, it searches for whether it holds divided data 152 corresponding to the specified fixed divided data 153 and, if it does, returns that divided data 152 to the client terminal 100. At this point it may delete that divided data 152 from the storage device (so that no old version of the divided data 152 is left behind).
As described above, several methods are conceivable for determining whether each stored piece of divided data 152 corresponds to the specified fixed divided data 153, and any of them can be applied as appropriate. For example, the divided data 152 having the same file ID as the fixed divided data 153 can be searched for based on information, such as a file ID identifying the original data 150, that was added to the header or the like of the fixed divided data 153 and of each piece of divided data 152a when client terminal A (100a) divided the original data 150a into the fixed divided data 153 and the divided data 152a by the secret sharing method.
<Process flow>
FIG. 3 is a diagram outlining an example of the flow of processing when the client terminal 100 stores original data 150. For example, when the user on client terminal A (100a) instructs, by an operation via the interface unit 140a, that original data 150 be stored, the division processing unit 110a first divides the original data 150 by the secret sharing method into a plurality of pieces of divided data 152 and one piece of fixed divided data 153 (S01); for example, it divides it into (n-1) pieces of divided data 152 and one piece of fixed divided data 153 by the (k,n) threshold secret sharing method.
Next, the distribution processing unit 120a sends the (n-1) pieces of divided data 152 to (n-1) different servers 200 selected according to a predetermined rule (S02). FIG. 3 shows the example in which divided data 152 is sent to server A (200a) and server B (200b). In each server 200 that receives divided data 152, the distributed storage unit 210 stores the received divided data 152 in the storage device (S03) and returns the processing result to client terminal A (100a).
At client terminal A (100a), the distribution processing unit 120a determines whether all (n-1) pieces of divided data 152 were stored normally in the servers 200 (S04). If even one of the (n-1) pieces of divided data 152 could not be stored normally, the user may be notified of an error via the interface unit 140a, and the series of processing above may be rolled back. Alternatively, even if some divided data 152 was not stored normally, this need not be treated as an error as long as (k-1) or more pieces of divided data 152 were stored successfully, since the original data 150 can still be restored.
When distributed storage in the servers 200 completes normally, the division processing unit 110a stores the fixed divided data 153 generated in step S01 in the storage device or the like (S05). At this time a dummy file that identifies the fixed divided data 153 corresponding to the original data 150 may be created. The divided data 152 stored across the servers 200 may also be deleted from the storage device of client terminal A (100a). Further, if required, the fixed divided data 153 may be synchronized (sent) to the other client terminals 100 that share the original data 150, together with the corresponding dummy file or the like.
FIG. 4, on the other hand, is a diagram outlining an example of the flow of processing when the client terminal 100 restores original data 150. For example, when the user on client terminal B (100b), which has received the fixed divided data 153 synchronized from client terminal A (100a), requests reference to original data 150 (including reference for editing or updating) by an operation on a dummy file via the interface unit 140b, the restoration processing unit 130b first obtains the fixed divided data 153 corresponding to the target original data 150 from the storage device (S11), for example by identifying the corresponding fixed divided data 153 from information such as the dummy file the user operated on.
Next, the distribution processing unit 120b queries each server 200 as to whether it holds divided data 152 corresponding to the fixed divided data 153 (S12). Here, for example, the query message is broadcast to all servers 200 (or multicast to a predetermined range of servers 200). FIG. 4 shows the example in which the query message is broadcast (or multicast) to each server 200, including server A (200a) and server B (200b).
In each server 200 that receives the query message, the distributed storage unit 210 searches for whether it holds divided data 152 corresponding to the fixed divided data 153 (S13). For example, as described above, it searches for divided data 152 having the same file ID as the fixed divided data 153, based on information such as the file ID identifying the original data 150 that was added to the headers of the fixed divided data 153 and of each piece of divided data 152.
A server that holds the corresponding divided data 152, like server A (200a), sends it to client terminal B (100b) (S14). A server that does not hold the corresponding divided data 152, like server B (200b), may send client terminal B (100b) a message saying so.
At client terminal B (100b), the distribution processing unit 120b determines whether the number m of pieces of divided data 152 collected is at least the (k-1) needed to restore the original data 150 (S15). If (k-1) or more pieces of divided data 152 could not be collected, the user may be notified of an error via the interface unit 140b.
If (k-1) or more pieces of divided data 152 were collected, the restoration processing unit 130b restores the original data 150 by the (k,n) threshold secret sharing method from the (k-1) or more collected pieces of divided data 152 and the fixed divided data 153 obtained in step S11 (S16). The original data 150 restored here is the latest version, as shown in FIG. 2. This original data 150 is presented to the user via the interface unit 140b, and the user can reference, edit or update it.
When the original data 150 is stored after editing or updating, the series of processing shown in FIG. 3 above again divides the original data 150 by secret sharing and stores the divided data 152 across the servers 200. As a result, the user of client terminal A (100a) can also, without any resynchronization, restore the latest version of the original data 150 from the fixed divided data 153 it holds and reference or edit it, so sharing of the original data 150 between client terminal A (100a) and client terminal B (100b) is achieved.
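The fixed-share construction described under the division processing unit 110 (the line y = ax + S forced through one fixed point) and the FIG. 3 / FIG. 4 store-and-restore flow above, as an added example that is not part of the patent or any product: a (2,3) scheme over GF(257) applied byte by byte, with a constructed file ID and a simulated server store that keeps only the latest version. The field size, the fixed x-coordinate, and deriving the fixed share's y-values from a per-file seed with SHAKE256 are assumptions of this example, not choices the patent specifies.

```python
"""(2,3) threshold sharing with a fixed share, plus the store/restore round trip.

Added example (not the patent's own code). For each secret byte S the slope a
of y = a*x + S is chosen so the line passes through a per-file fixed point, so
the fixed share is identical for every version of the file. Server shares are
tagged with a file ID, a newer version replaces the old one, and a client
restores from its fixed share plus one collected server share (k = 2).
Assumptions: arithmetic over GF(257), x = 1 for the fixed share, SHAKE256 to
stretch a per-file seed (kept only on the clients) into the fixed y-values.
"""
import hashlib
import secrets

P = 257        # prime field large enough to hold every byte value 0..255
FIXED_X = 1    # assumed x-coordinate of the fixed share (any nonzero value works)


def _inv(a):
    """Multiplicative inverse in GF(P) via Fermat; a may be negative."""
    return pow(a % P, P - 2, P)


def fixed_share(file_seed, length):
    """y-values of the fixed share, one per byte, derived only from the
    per-file seed held on the client, so they never depend on the content."""
    return list(hashlib.shake_256(file_seed).digest(length))


def split(data, file_seed, server_xs):
    """Return one server share per x in server_xs: {x: [y_0, y_1, ...]}.
    For each secret byte S, a = (y_fixed - S) / FIXED_X makes the line
    y = a*x + S pass through (FIXED_X, y_fixed)."""
    ys_fixed = fixed_share(file_seed, len(data))
    shares = {x: [] for x in server_xs}
    for s, y0 in zip(data, ys_fixed):
        a = (y0 - s) * _inv(FIXED_X) % P
        for x in server_xs:
            shares[x].append((a * x + s) % P)
    return shares


def reconstruct(file_seed, server_x, server_ys):
    """Interpolate each line at x = 0 from the fixed share and ONE server
    share (k = 2); returns the original bytes."""
    ys_fixed = fixed_share(file_seed, len(server_ys))
    out = bytearray()
    for y_f, y_s in zip(ys_fixed, server_ys):
        # Lagrange at 0: y_f * x_s/(x_s - x_f) + y_s * x_f/(x_f - x_s)
        out.append((y_f * server_x * _inv(server_x - FIXED_X)
                    + y_s * FIXED_X * _inv(FIXED_X - server_x)) % P)
    return bytes(out)


class Server:
    """Simulated distributed storage unit: one share per file ID; a newer
    version overwrites the old one, so only the latest share is ever held."""
    def __init__(self, x):
        self.x = x          # this server always receives the share at this x
        self.store = {}     # file_id -> list of y-values

    def put(self, file_id, ys):
        self.store[file_id] = ys

    def query(self, file_id):
        """Answer a client's broadcast: the share for file_id, or None."""
        return self.store.get(file_id)


def store_file(data, file_id, file_seed, servers):
    """FIG. 3 flow: split and send the (n-1) server shares; the fixed share
    (equivalently, the seed it derives from) never leaves the client."""
    shares = split(data, file_seed, [srv.x for srv in servers])
    for srv in servers:
        srv.put(file_id, shares[srv.x])


def restore_file(file_id, file_seed, servers):
    """FIG. 4 flow: broadcast the file ID and use the first share returned."""
    for srv in servers:
        ys = srv.query(file_id)
        if ys is not None:
            return reconstruct(file_seed, srv.x, ys)
    raise RuntimeError("no server share available (need k-1 = 1)")


if __name__ == "__main__":
    seed = secrets.token_bytes(16)          # constructed per-file seed
    servers = [Server(2), Server(3)]
    store_file(b"version 1 of the document", "file-0001", seed, servers)
    print(restore_file("file-0001", seed, servers))
```

Because the fixed share depends only on the seed, the same client-side share restores version 1 before the edit and version 2 after it with no resynchronization, which is the property the text relies on.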
As described above, according to the data sharing system 1 of an embodiment of the present invention, when the original data 150 is divided into a plurality of pieces of divided data 152 by the (k,n) threshold secret sharing method, fixed divided data 153 is generated that always takes the same value, even when the original data 150 is edited or updated and its content changes. Rather than being stored across the servers 200, this fixed divided data 153 is retained on each client terminal 100 that divided the original data 150 into divided data 152 by the secret sharing process, and is shared among the users. Using the fixed divided data 153, each client terminal 100 can then collect the corresponding divided data 152 from the servers 200 and restore the latest version of the original data 150 without any resynchronization following edits or updates to the original data 150, so sharing of the original data 150 is achieved.
The invention made by the present inventors has been described concretely above based on an embodiment, but the present invention is not limited to that embodiment and can of course be modified in various ways without departing from its gist.
The present invention is applicable to data sharing systems in which original data is shared by other users restoring it from divided data generated from the target original data by a secret sharing method and stored across a plurality of servers or the like.
1 ... data sharing system,
100 (100a, b) ... client terminal, 110 (110a, b) ... division processing unit, 120 (120a, b) ... distribution processing unit, 130 (130a, b) ... restoration processing unit, 140 (140a, b) ... interface unit, 150 (150a, b) ... original data, 151 (151a, b) ... distribution management information, 152 (152a, b) ... divided data, 153 ... fixed divided data,
200 ... server, 210 ... distributed storage unit,
300 ... network.




Claims (4)

  1.  A data sharing system comprising:
     a plurality of servers each having a storage device; and
     an information processing apparatus connected to each of the servers via a network, which divides original data into n pieces of divided data by a (k,n) threshold secret sharing method and stores the pieces of divided data in a distributed manner in the storage devices of n of the servers,
     wherein the information processing apparatus has
     a division processing unit that divides the original data, by the (k,n) threshold secret sharing method, into (n-1) pieces of first divided data and one piece of second divided data, and retains the second divided data on the information processing apparatus, and
     a distribution processing unit that sends the (n-1) pieces of first divided data to (n-1) different ones of the servers,
     the (k,n) threshold secret sharing method is implemented so as to generate the second divided data with the same value every time, even when the content of the original data is updated, and
     each server has
     a distributed storage unit that stores the first divided data sent from the information processing apparatus in its storage device.
  2.  The data sharing system according to claim 1, wherein
     the information processing apparatus further has a restoration processing unit that restores the original data from (k-1) or more pieces of the first divided data and the second divided data by the (k,n) threshold secret sharing method,
     the distribution processing unit of the information processing apparatus specifies the second divided data corresponding to the original data to be restored, broadcasts to each server a message asking whether it holds the first divided data corresponding to that second divided data, collects (k-1) or more pieces of the first divided data, and passes them to the restoration processing unit, and
     the distributed storage unit of each server searches whether the first divided data corresponding to the second divided data specified in the message is held in its own storage device and, if so, sends that first divided data to the information processing apparatus.
  3.  The data sharing system according to claim 1 or 2, wherein
    when the division processing unit divides the original data into the plurality of pieces of divided data, the information processing apparatus generates and holds, in correspondence with the original data, a dummy file from which the second divided data can be identified.
  4.  The data sharing system according to any one of claims 1 to 3, wherein
    the information processing apparatus transmits the second divided data generated when the division processing unit divides the original data into the plurality of pieces of divided data to another information processing apparatus that does not yet hold the second divided data.
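The split and restore procedure of claims 1 and 2, as an added example that is not the patent's own code or method. The claims only say "(k, n) threshold secret sharing method"; everything concrete here is an assumption: Shamir's scheme over the prime field GF(2^127 − 1), 15-byte chunks, server i holding the point x = i and the apparatus holding the point x = n, and a SHA-256 share identifier standing in for the dummy file of claim 3 and the lookup key broadcast in claim 2. The held share (the "second divided data") is forced to the same value on every split by solving for the top polynomial coefficient, so updating the original data changes only the server shares. The last function shows the cost of that design: because the held share is reused across versions it behaves as a long-term key, and whoever obtains k−1 server shares of one version together with that version's plaintext learns the held share and can then open every other version from k−1 server shares.

```python
import hashlib
import secrets

# Assumptions, not taken from the patent: Shamir sharing over the prime field
# GF(P), 15-byte chunks (so each chunk is an integer below P), server i holds
# the point x = i (1 <= i <= n-1) and the apparatus keeps the point x = n.
P = (1 << 127) - 1      # Mersenne prime 2^127 - 1
CHUNK = 15


def _eval(coeffs, x):
    """Evaluate sum(coeffs[i] * x**i) mod P by Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def _interpolate(points, at):
    """Lagrange interpolation through points [(x, y), ...], evaluated at `at`."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (at - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def new_local_share():
    """The 'second divided data': one random field element, generated once."""
    return secrets.randbelow(P)


def share_id(local_y):
    """Identifier the apparatus can keep in a dummy file and broadcast to the
    servers (claims 2 and 3); servers index their share by it (assumption)."""
    return hashlib.sha256(local_y.to_bytes(16, "big")).hexdigest()


def split(data, k, n, local_y):
    """(k, n) split of `data` into n-1 server shares plus the fixed local share.

    Returns {server_x: [chunk value, ...]}.  Per chunk the polynomial is
    f(x) = secret + a1*x + ... + a_{k-1}*x^(k-1) with a1..a_{k-2} random and
    a_{k-1} solved so that f(n) == local_y; the held share therefore never
    changes no matter how often the original data is updated and re-split.
    """
    assert 2 <= k <= n
    local_x = n
    inv_xk = pow(pow(local_x, k - 1, P), P - 2, P)     # (n^(k-1))^-1 mod P
    servers = {x: [] for x in range(1, n)}
    for off in range(0, len(data), CHUNK):
        secret = int.from_bytes(data[off:off + CHUNK], "big")
        coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 2)]
        coeffs.append((local_y - _eval(coeffs, local_x)) * inv_xk % P)
        assert _eval(coeffs, local_x) == local_y
        for x in servers:
            servers[x].append(_eval(coeffs, x))
    return servers


def restore(k, n, server_shares, local_y, length):
    """Rebuild the original data from >= k-1 server shares plus the local share."""
    assert len(server_shares) >= k - 1, "too few first divided data collected"
    nchunks = (length + CHUNK - 1) // CHUNK
    out = bytearray()
    for c in range(nchunks):
        points = [(x, ys[c]) for x, ys in server_shares.items()] + [(n, local_y)]
        size = min(CHUNK, length - c * CHUNK)
        value = _interpolate(points, 0)
        if value >= 1 << (8 * size):
            # Only a range sanity check: plain Shamir shares carry no
            # authentication, so a wrong or tampered share is not detected here.
            raise ValueError("inconsistent shares")
        out += value.to_bytes(size, "big")
    return bytes(out)


def recover_local_share(k, n, server_shares, known_first_chunk):
    """Failure mode: k-1 server shares of one version plus that version's first
    plaintext chunk determine f, and f(n) is the long-lived local share."""
    assert len(server_shares) >= k - 1
    points = [(x, ys[0]) for x, ys in server_shares.items()] + [(0, known_first_chunk)]
    return _interpolate(points, n)


if __name__ == "__main__":
    local = new_local_share()
    v1 = b"constructed sample record, version 1"   # constructed input
    shares_v1 = split(v1, 3, 5, local)
    v2 = b"constructed sample record, version 2"   # the data is updated
    shares_v2 = split(v2, 3, 5, local)             # same local share reused
    picked = {x: shares_v2[x] for x in (2, 4)}    # any k-1 = 2 servers answer
    print(share_id(local)[:16], restore(3, 5, picked, local, len(v2)))
```

In the broadcast of claim 2 the apparatus would send `share_id(local)` and each server would answer with the chunk list it filed under that identifier; `restore` then needs only k−1 such answers. The `ValueError` in `restore` is a range check, not an integrity check; a deployment that cares about a server returning a corrupted share needs a separate authentication tag over each share.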





Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/JP2011/075213 WO2013065135A1 (en) 2011-11-01 2011-11-01 Data sharing system
PCT/JP2012/077462 WO2013065545A1 (en) 2011-11-01 2012-10-24 Data sharing system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/JP2011/075213 WO2013065135A1 (en) 2011-11-01 2011-11-01 Data sharing system

Publications (1)

Publication Number Publication Date
WO2013065135A1 true WO2013065135A1 (en) 2013-05-10

Family

ID=48191529

Family Applications (2)

Application Number Title Priority Date Filing Date
PCT/JP2011/075213 WO2013065135A1 (en) 2011-11-01 2011-11-01 Data sharing system
PCT/JP2012/077462 WO2013065545A1 (en) 2011-11-01 2012-10-24 Data sharing system

Family Applications After (1)

Application Number Title Priority Date Filing Date
PCT/JP2012/077462 WO2013065545A1 (en) 2011-11-01 2012-10-24 Data sharing system

Country Status (1)

Country Link
WO (2) WO2013065135A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104331496A (en) * 2014-11-19 2015-02-04 网易(杭州)网络有限公司 Photo sharing method and device
JP2016186782A (en) * 2014-06-27 2016-10-27 パナソニックIpマネジメント株式会社 Data processing method and data processor

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9231886B2 (en) 2005-03-16 2016-01-05 Adaptive Computing Enterprises, Inc. Simple integration of an on-demand compute environment
US10705750B2 (en) * 2016-06-09 2020-07-07 Informatique Holistec Inc. Data storage system and method for performing same
TWI667909B (en) * 2018-07-31 2019-08-01 國立高雄科技大學 Method for protecting numeric data and computer program product

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2007072216A (en) * 2005-09-07 2007-03-22 Global Friendship Inc Electronic information division method utilizing shared divided data
JP2007072643A (en) * 2005-09-06 2007-03-22 Toshiba Corp Data storage system
JP2007300157A (en) * 2006-04-27 2007-11-15 Toshiba Corp System, apparatus and program for secret distribution
JP2007334417A (en) * 2006-06-12 2007-12-27 Nippon Telegr & Teleph Corp <Ntt> Distributed information sharing method and terminal equipment

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4539952B2 (en) * 2003-11-05 2010-09-08 日本電信電話株式会社 Information distributed storage system, apparatus, program and recording medium
JP4657706B2 (en) * 2004-12-27 2011-03-23 株式会社野村総合研究所 Authority management system, authentication server, authority management method, and authority management program



Also Published As

Publication number Publication date
WO2013065545A1 (en) 2013-05-10


Legal Events

Date Code Title Description
121 Ep: the EPO has been informed by WIPO that EP was designated in this application
    Ref document number: 11874927; Country of ref document: EP; Kind code of ref document: A1
NENP Non-entry into the national phase
    Ref country code: DE
32PN Ep: public notification in the EP bulletin as address of the addressee cannot be established
    Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 14/08/2014)
NENP Non-entry into the national phase
    Ref country code: JP
122 Ep: PCT application non-entry in European phase
    Ref document number: 11874927; Country of ref document: EP; Kind code of ref document: A1