WO2014092180A1 - Intermediate server, database query processing method and program - Google Patents
- Publication number
- WO2014092180A1 (PCT/JP2013/083447)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- query
- inquiry
- database
- database server
- processing
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F12/00—Accessing, addressing or allocating within memory systems or architectures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
- G06F16/24564—Applying rules; Deductive queries
- G06F16/24566—Recursive queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0471—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
Definitions
- The present invention is based on Japanese Patent Application No. 2012-272790 (filed on Dec. 13, 2012), the entire contents of which are incorporated herein by reference.
- The present invention relates to an intermediate server, a database inquiry processing method, and a program, and more particularly, to an intermediate server, a database inquiry processing method, and a program that conceal sensitive data stored in a database.
- FIG. 5 is a block diagram showing the configuration of the database system described in Patent Document 1.
- The database system includes a client 102, a server 104, and a database 106.
- The server 104 also includes a command interface 202, a command parser 204, a command converter 206, an encryption unit 208, and a database interface 210.
- The database system shown in FIG. 5 operates as follows, and performs database inquiry processing while encrypting the data in the database 106 and keeping it secret.
- The client 102 sends a database operation command described in a language such as SQL (Structured Query Language) to the server 104.
- The command interface 202 communicates with the client 102 and receives database operation instructions.
- The command parser 204 parses (analyzes) the database operation instruction received by the command interface 202, extracts the operator of the process to be executed, the column names to be operated on, and the like, and creates a parse tree.
- The command converter 206 examines the parse tree, and when a column encrypted in the database 106 is an operation target, the command converter 206 converts the operation on the column to include encryption processing such as encryption and decryption.
- The server 104 executes a database operation according to the conversion result thus obtained. When the conversion result includes encryption processing such as encryption and decryption, the server 104 uses the encryption unit 208 to execute encryption processing.
- Patent Document 2 describes a query process in a database system that holds a table including encrypted data.
- Both a query (inquiry) for encrypted data and a query (inquiry) for unencrypted data are performed by a map storage device or a map distribution device.
- Load processing cannot be achieved by processing a single query among a plurality of devices.
- An object of the present invention is to provide a database system, a database inquiry processing method, and a program that contribute to such a demand.
- The intermediate server includes: encryption processing means for encrypting or decrypting data stored in the database; query conversion means for dividing a query to the database into a first query that does not require processing by the cryptographic processing means and a second query that requires processing by the cryptographic processing means; and inquiry processing means for sending the first inquiry to a database server connected to the database, obtaining a result from the database server, and executing the second inquiry using the cryptographic processing means.
- The database query processing method includes: a conversion step in which a computer divides a query to a database into a first query that does not require encryption processing and decryption processing and a second query that requires encryption processing or decryption processing; an acquisition step of sending the first query to a database server connected to the database and obtaining a result from the database server; and a step of executing the second inquiry using an encryption process or a decryption process.
- The program according to the third aspect of the present invention causes a computer to execute: a conversion process for dividing a query to the database into a first query that does not require encryption and decryption processes and a second query that requires encryption or decryption; an acquisition process for sending the first query to a database server connected to the database and obtaining a result from the database server; and a process of executing the second inquiry using an encryption process or a decryption process.
- The program can be provided as a program product recorded on a non-transitory computer-readable storage medium.
- An intermediate server, a database query processing method, and a program according to the present invention contribute to preventing leakage of sensitive information from a database without using a server having both safe operation management and high database operation processing capability.
- FIG. 1 is a block diagram showing, as an example, the configuration of the database system according to the first embodiment. It is a flowchart which shows operation
- The intermediate server 112 includes: encryption processing means 214 that encrypts or decrypts data stored in the database 116; query conversion means 211 that divides an inquiry to the database 116 into a first query (non-sensitive inquiry) that does not require processing by the encryption processing means 214 and a second query (sensitive inquiry) that requires processing by the encryption processing means 214; and inquiry processing means 212 for sending the first inquiry (non-sensitive inquiry) to the database server 114 connected to the database 116, obtaining a result from the database server 114, and executing the second inquiry (sensitive inquiry) using the cryptographic processing means 214.
- The inquiry conversion unit 211 divides the selection conditions (the conditions included in the WHERE clause of the SQL statement) included in the inquiry (for example, an SQL statement) to the database 116 into first selection conditions that do not require processing by the cryptographic processing means 214 (for example, F_{h1}, ..., F_{hz} described later) and second selection conditions that require processing by the cryptographic processing means 214 (for example, F_{s1}, ..., F_{sx}), and divides the tables included in the inquiry into first tables that are referred to only by the first selection conditions (F_{h1}, ..., F_{hz}) (for example, T_{g1}, ..., T_{gy} described later) and other second tables (for example, T_{e1}, ..., T_{ew} described later). The first inquiry (non-sensitive inquiry) is generated based on the first selection conditions (F_{h1}, ..., F_{hz}) and the first tables (T_{g1}, ..., T_{gy}), and the second selection conditions (F_{s1}, ..., F_{sx}), the second tables (T_{e1}, ..., T_{ew}) and the result of the first inquiry acquired from the database server 114 are preferably used to generate the second inquiry (sensitive inquiry).
- The inquiry conversion unit 211 further divides the first query into a plurality of queries (for example, the right side of Equation 3 described later) by classifying the plurality of first tables (T_{g1}, ..., T_{gy}) according to whether or not they have columns referred to by the first selection conditions (F_{h1}, ..., F_{hz}). It is preferable that the inquiry processing means 212 sends the plurality of queries obtained by dividing the first query in this way (right side of Equation 3) to the database server 114 and acquires the processing results for each of the multiple queries (right side of Equation 3) from the database server 114.
- The intermediate server 113 further includes a process sharing determination unit 218.
- The process sharing determination means 218 determines whether or not the first query should be executed by the database server 114 according to the increase or decrease in the amount of data before and after the processing when the first query is processed by the database server 114. If the first query (non-sensitive query) should not be executed by the database server 114, it converts the first query (non-sensitive query) into a third query (for example, an intermediate non-sensitive inquiry described later) for execution by the query processing means 212. At this time, the inquiry processing unit 212 further executes the third inquiry (intermediate non-sensitive inquiry).
- The process sharing determination unit 218 may determine that the first query (non-sensitive query) should not be executed by the database server 114.
- The process sharing determination unit 218 decomposes the first inquiry (non-sensitive inquiry, for example, the right side of Equation 4 described later) into a fourth query (for example, the right side of Equation 5 described later) that is executed by obtaining the first tables (T_{g1}, ..., T_{gy}) from the database server 114 and another, fifth query (for example, the right side of Equation 6 described later), and generates a third query consisting of the fourth query and the fifth query.
- The inquiry processing means 212 obtains the first tables (T_{g1}, ..., T_{gy}) from the database server 114, executes the fourth inquiry (the right side of Equation 5), and executes the fifth inquiry (the right side of Equation 6).
- The intermediate server 112 may have: a key management unit 216 for storing and managing secret information such as an encryption key used for protecting sensitive information; encryption processing means 214 for performing concealment by data encryption and conversion, decryption of secret data, restoration by reverse conversion, and other processing using the secret information of the key management means 216; inquiry conversion means 211 that takes a database inquiry as an input and converts it into a combination of database queries that require processing by the cryptographic processing means 214, including protection of sensitive information included in the database inquiry, restoration of protected sensitive information stored in the database 116 and processing of the operation results (sensitive queries), and other database queries (non-sensitive queries); and a query processing unit 212 that transmits a non-sensitive query to the database server 114 to acquire a processing result and executes a sensitive query using the cryptographic processing unit 214.
- The database inquiry from the client 110 is converted into a sensitive inquiry and a non-sensitive inquiry by the inquiry conversion unit 211 in the intermediate server 112, and the non-sensitive inquiry is transmitted to the database server 114.
- The inquiry processing means 212 in the intermediate server 112 processes the sensitive inquiry.
- The database inquiry processing in the intermediate server 112 is reduced, and the database server 114 does not need to directly handle the confidential information used for protecting sensitive information or the unprotected sensitive information.
- This is because database queries are converted into sensitive queries, which require restoration of protected sensitive data and handling of the resulting unprotected sensitive data, and other, non-sensitive queries; the sensitive inquiry, which requires safe operation management, is executed by the intermediate server 112 and only the non-sensitive inquiry is executed by the database server 114.
- The intermediate server according to the first aspect.
- The inquiry conversion means divides the selection condition included in the inquiry to the database into a first selection condition that does not require processing by the cryptographic processing means and a second selection condition that requires processing by the cryptographic processing means.
- The first inquiry is generated based on the first selection condition and the first table, and the second query may be generated based on the second selection condition, the second table, and the result of the first inquiry obtained from the database server.
- [Form 3] The query conversion means further divides the first query into a plurality of queries by classifying the plurality of first tables according to whether or not they have a column referred to by the first selection condition.
- The inquiry processing means may send a plurality of queries obtained by dividing the first query to the database server, and obtain processing results for each of the plurality of queries from the database server.
- The intermediate server may further comprise a process sharing determination unit that determines whether or not the first query should be executed by the database server according to an increase or decrease in the amount of data before and after processing the first query by the database server and, if the first query is not to be executed by the database server, converts the first query into a third query for execution by the query processing unit. The inquiry processing means may further execute the third inquiry.
- The processing sharing determination unit may judge that the first query should not be executed by the database server.
- The process sharing determination means breaks down the first inquiry into a fourth inquiry executed by obtaining the first table from the database server and a fifth inquiry other than that, and generates the third query comprising the fourth query and the fifth query.
- The inquiry processing means may acquire the first table from the database server, execute the fourth inquiry, and execute the fifth inquiry.
- The database inquiry processing method according to the second aspect is as described above.
- In the converting step, the selection condition included in the inquiry to the database is divided into a first selection condition that does not require encryption processing and decryption processing and a second selection condition that requires encryption processing or decryption processing.
- The first query is further divided into a plurality of queries by classifying the plurality of first tables according to whether or not they have a column referred to by the first selection condition.
- A plurality of queries obtained by dividing the first query may be sent to the database server, and processing results for each of the plurality of queries may be acquired from the database server.
- The database query processing method may include a determination step of determining whether the first query should be executed by the database server according to an increase or decrease in the amount of data before and after processing the first query by the database server, and a step of converting the first query into a third query and executing it when it is determined that the first query should not be executed by the database server.
- In the determination step, if the amount of data after execution when the first query is executed by the database server is larger than that before execution, it may be determined that the first query should not be executed by the database server.
- The database query processing method is executed by acquiring the first query from the database server.
- The program according to the third aspect.
- The conversion process includes: a first selection condition that does not require an encryption process and a decryption process; and a second selection condition that requires an encryption process or a decryption process.
- The first query is further divided into a plurality of queries by classifying the plurality of first tables according to whether or not the first table has a column referred to by the first selection condition.
- A plurality of queries obtained by dividing the first query may be sent to the database server, and processing results for each of the plurality of queries may be acquired from the database server.
- [Form 16] The program may cause the computer to execute: a determination process for determining whether or not the first query should be executed by the database server according to an increase or decrease in the amount of data before and after the first query is processed by the database server; and, when it is determined that the first query should not be executed by the database server, a process of converting the first query into a third query and executing the third query.
- [Form 17] In the determination process, when the amount of data after execution when the first query is executed by the database server is larger than before execution, it may be determined that the first query should not be executed by the database server.
- [Form 18] If it is determined that the first query should not be executed by the database server, the program may cause the computer to execute: a process of generating the third query comprising the fourth query and the fifth query by decomposing the first query into a fourth query executed by acquiring the first table from the database server and a fifth query other than that; and a process of acquiring the first table from the database server, executing the fourth inquiry, and executing the fifth inquiry.
- FIG. 1 is a block diagram illustrating an example of the configuration of a database system including an intermediate server 112 according to the present embodiment.
- The database system includes an intermediate server 112, a database server 114, and a database 116, and accepts access from the client 110.
- The intermediate server 112 includes an inquiry conversion unit 211, an inquiry processing unit 212, a key management unit 216, and an encryption processing unit 214.
- The key management means 216 stores and manages secret information such as an encryption key used for protecting sensitive information on the database 116.
- The encryption processing unit 214 uses the secret information stored in the key management unit 216 to perform processing such as data anonymization, concealment by encryption, and restoration by decryption.
- The query conversion unit 211 receives a database query from the client 110 as an input and converts it into database queries that require an operation by the cryptographic processing unit 214 on data stored in the database 116 and processing of the operation result (hereinafter referred to as “sensitive queries”) and other database queries (hereinafter referred to as “non-sensitive queries”).
- The query processing unit 212 transmits a non-sensitive query among the database queries output by the query conversion unit 211 to the database server 114 and acquires the result. On the other hand, the inquiry processing unit 212 executes the sensitive inquiry using the encryption processing unit 214.
- FIG. 2 is a flowchart showing an example of the operation of the database system (FIG. 1) according to the present embodiment. With reference to FIG. 2, the overall operation of the database system of this embodiment will be described in detail.
- The intermediate server 112 receives a database inquiry from the client 110 (step A1).
- The query conversion means 211 converts the received database query into a series of sensitive queries and non-sensitive queries (step A2).
- The inquiry processing means 212 refers to the converted inquiry sequence and acquires the first inquiry that has not yet been processed (step A3).
- The inquiry processing means 212 confirms whether the acquired inquiry is a non-sensitive inquiry or a sensitive inquiry (step A4).
- For a non-sensitive inquiry, the inquiry processing unit 212 transmits the acquired inquiry to the database server 114 (step A5), and receives the processing result of the inquiry processed by the database server 114 (step A6).
- For a sensitive inquiry, the inquiry processing means 212 performs anonymization or encryption processing of confidential data included in the inquiry, restoration processing by decryption, etc., using the encryption processing means 214 and the key management means 216 (step A7).
- The inquiry processing means 212 determines that the inquiry acquired in step A3 has been processed (step A8).
- The inquiry processing means 212 refers to the converted inquiry sequence and checks whether all the inquiries have been processed (step A9).
- If there is a query that has not been processed (No in step A9), the process returns to step A3. On the other hand, if all the processes have been completed (Yes in step A9), the process is terminated.
- FIG. 3 is a flowchart showing the operation of the inquiry conversion unit 211 as an example. The operation of the inquiry conversion unit 211 will be described with reference to FIG.
- The inquiry conversion means 211 can be realized as follows, for example, for a general database inquiry by SQL.
- The general expression of the input database query is as follows.
- The expression of the database query in the present invention is not limited to the following.
- The query conversion unit 211 examines the tables T_{1}, T_{2}, ..., T_{q} specified by the FROM clause and the selection conditions F_{1}, F_{2}, ..., F_{r} specified by the WHERE clause, and classifies the tables and the selection conditions as follows, based on the reference relationships of the selection conditions that require processing using the cryptographic processing means 214 to evaluate the condition (step B1).
- Selection conditions whose target columns do not include a column that needs to be concealed by encryption or the like in the database (hereinafter referred to as a “confidential column”), or that can be determined by an operation that does not require restoration of the concealed data (for example, conditions based on the number of data included in the column): F_{h1}, ..., F_{hz}, and the tables T_{g1}, ..., T_{gy} referenced only by F_{h1}, ..., F_{hz}.
- The inquiry conversion means 211 creates a sequence of non-sensitive inquiries as follows based on the tables and selection conditions classified in step B1 (step B2).
- The query conversion means 211 creates a non-sensitive query using the following SQL statement for T_{g1}, ..., T_{gy} classified as ⁇ ).
- T′⁇ = SELECT C*⁇ FROM T_{g1}, ..., T_{gy} WHERE F_{h1} AND ... AND F_{hz} (Equation 1)
- The SQL statement on the right side of the equal sign in Equation 1 represents a non-sensitive inquiry transmitted to the database server 114.
- The left side of the equal sign in Equation 1 indicates that the intermediate server 112 holds the result of the inquiry on the right side in a memory or the like (not shown) in the intermediate server 112 under the table name on the left side of the equal sign.
- C*⁇ is an abbreviated notation for the column designation consisting of all columns of the tables T_{g1}, ..., T_{gy} that are included in the column names C_{1}, ..., C_{k} specified by the input SQL statement and all those that are included in the column names referenced by F_{s1}, ..., F_{sx}.
- The query conversion unit 211 creates non-sensitive queries using the SQL statements of the following Equation 2 for T_{e1}, ..., T_{ew} classified into ⁇ ).
- T′_{e1} = SELECT C*_{e1} FROM T_{e1}
- T′_{e2} = SELECT C*_{e2} FROM T_{e2}
- ...
- T′_{ew} = SELECT C*_{ew} FROM T_{ew} (Equation 2)
- C*_{e1}, ..., C*_{ew} are abbreviated notations for the column designations consisting of all columns of T_{e1}, ..., T_{ew} that are included in the column names C_{1}, ..., C_{k} specified by the input SQL statement and all those that are included in the column names referred to by F_{s1}, ..., F_{sx}.
- The queries represented by the SQL statements so far do not include the selection conditions F_{s1}, ..., F_{sx} that require processing using the cryptographic processing means 214, and are all non-sensitive queries.
- The inquiry conversion means 211 creates a sensitive inquiry using the following SQL statement (step B3).
- This SQL statement is a query that refers to the results of the non-sensitive queries created in step B2 and includes the selection conditions that require processing using the cryptographic processing means 214.
- The inquiry conversion means 211 outputs the sensitive inquiry created in step B3 after the non-sensitive inquiry series created in step B2 (step B4). At this time, the order of the non-sensitive inquiries created in step B2 may be changed within the output series.
- The query processing unit 212 can thus cause the database server 114 to execute the non-sensitive queries that do not require processing in the intermediate server 112. Thereby, an increase in database operation processing in the intermediate server 112 can be suppressed.
- The SQL statement of the non-sensitive inquiry that acquires T′⁇ in the above step B2 can be converted into a sequence of SQL statements of non-sensitive inquiries as shown in the following Equation 3.
- T′_{n} = SELECT C*_{n} FROM T_{gd}, ..., T_{gn} WHERE F_{hd} AND ... AND F_{hn}
- The sensitive inquiry at this time is as follows.
- The tables specified in the FROM clauses of the SQL statements on the right side of T′_{1}, ... are obtained by dividing the tables T_{g1}, ..., T_{gy} into closed groups according to whether or not they are related by the selection conditions F_{h1}, ...
- C*_{1}, ..., C*_{n} are abbreviated notations for the column designations consisting of all columns of the tables specified in the FROM clauses of the SQL statements on the right side of T′_{1}, ... that are included in the column names C_{1}, ..., C_{k} specified in the input SQL statement and all those that are included in the column names referenced by F_{s1}, ...
- The database server 114 joins y tables in one query, and thus y-1 table join processing is required.
- The divided query is split into n queries, and the table join process can be completed sn times. Therefore, by dividing the non-sensitive inquiry as shown in Equation 3, the processing in the database server 114 can be reduced.
- The number of data in the joined result table is a × b at the maximum. Therefore, in the query before division, the maximum number of data
- It can be expected that the number of data is suppressed more than before division.
- The query conversion unit 211 converts the database query into a series of sensitive queries and non-sensitive queries; the sensitive query, which requires safe operation management, is processed by the intermediate server 112, and the non-sensitive inquiry is processed by the database server 114. Therefore, sensitive information leakage from the database can be prevented without using a server having both safe operation management and high database operation processing performance.
- The number of table join processes in the database server 114 can be suppressed. Furthermore, in this case, an increase in the number of data as a result of the non-sensitive inquiry is also suppressed, and the amount of communication between the database server 114 and the intermediate server 112 can be suppressed.
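The split of steps B1 to B4 and the processing loop of steps A3 to A9, as an added Python example that is not code from the patent: two in-memory `sqlite3` databases stand in for the database server 114 and for the intermediate server's memory. Assumptions made for illustration: the `patients`/`visits` schema and rows are constructed, the HMAC keystream is a stand-in for a real authenticated cipher, the `dec()` SQL function and all helper names are hypothetical, and pushdown is narrowed to conditions that touch a single first table.

```python
import hashlib
import hmac
import os
import sqlite3

KEY = os.urandom(32)                        # key management means 216; never sent to the database server
CONFIDENTIAL = {("patients", "diagnosis")}  # constructed schema: the one confidential column

def _stream(nonce, n):
    # Stand-in keystream (HMAC-SHA256 in counter mode), NOT a vetted cipher; use an AEAD in practice.
    blocks = (hmac.new(KEY, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(text):
    nonce, data = os.urandom(16), text.encode()
    return nonce + bytes(a ^ b for a, b in zip(data, _stream(nonce, len(data))))

def decrypt(blob):
    nonce, body = blob[:16], blob[16:]
    return bytes(a ^ b for a, b in zip(body, _stream(nonce, len(body)))).decode()

def make_database_server():
    """Database server 114 with constructed rows; it only ever stores ciphertext for diagnosis."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE patients (id INTEGER, diagnosis BLOB)")
    db.execute("CREATE TABLE visits (patient_id INTEGER, year INTEGER, clinic TEXT)")
    db.executemany("INSERT INTO patients VALUES (?, ?)",
                   [(1, encrypt("asthma")), (2, encrypt("diabetes")), (3, encrypt("asthma"))])
    db.executemany("INSERT INTO visits VALUES (?, ?, ?)",
                   [(1, 2013, "north"), (2, 2013, "south"), (3, 2012, "east"), (3, 2013, "west")])
    return db

# Client query, already parsed: each WHERE condition carries the (table, column) pairs it references.
QUERY = {
    "select": [("patients", "id"), ("visits", "clinic")],
    "tables": ["patients", "visits"],
    "where": [
        ("visits.year = 2013", {("visits", "year")}),
        ("patients.diagnosis = 'asthma'", {("patients", "diagnosis")}),
        ("patients.id = visits.patient_id", {("patients", "id"), ("visits", "patient_id")}),
    ],
}

def _tables(cols):
    return {t for t, _ in cols}

def _wrap(text, cols):
    # Confidential columns are read through dec() when evaluated on the intermediate server.
    for t, c in cols & CONFIDENTIAL:
        text = text.replace(f"{t}.{c}", f"dec({t}.{c})")
    return text

def convert(query):
    """Steps B1-B3: return ({table: (columns, non-sensitive SQL)}, sensitive SQL)."""
    conds = query["where"]
    second = set().union(*(_tables(cols) for _, cols in conds if cols & CONFIDENTIAL))  # T_e
    # Pushed down: crypto-free conditions that touch exactly one first table (narrowed case).
    pushed = [c for c in conds
              if not c[1] & CONFIDENTIAL and len(_tables(c[1])) == 1 and not _tables(c[1]) & second]
    local = [c for c in conds if c not in pushed]
    needed = set(query["select"]).union(*(cols for _, cols in local))   # C*
    non_sensitive = {}
    for table in query["tables"]:
        names = sorted(c for t, c in needed if t == table)   # assumes each table contributes a column
        sql = "SELECT " + ", ".join(f"{table}.{c} AS {c}" for c in names) + f" FROM {table}"
        where = [text for text, cols in pushed if _tables(cols) == {table}]
        if where:
            sql += " WHERE " + " AND ".join(where)
        non_sensitive[table] = (names, sql)
    select = ", ".join(_wrap(f"{t}.{c}", {(t, c)}) for t, c in query["select"])
    sensitive = (f"SELECT {select} FROM {', '.join(query['tables'])} WHERE "
                 + (" AND ".join(_wrap(text, cols) for text, cols in local) or "1"))
    return non_sensitive, sensitive

def run(db, query):
    """Steps A3-A9: non-sensitive queries go to the database server, the sensitive one runs locally."""
    non_sensitive, sensitive = convert(query)
    mem = sqlite3.connect(":memory:")       # intermediate server memory holding the T' results
    mem.create_function("dec", 1, decrypt)  # cryptographic processing means 214
    for table, (names, sql) in non_sensitive.items():
        rows = db.execute(sql).fetchall()   # steps A5/A6
        mem.execute(f"CREATE TABLE {table} ({', '.join(names)})")
        mem.executemany(f"INSERT INTO {table} VALUES ({', '.join('?' * len(names))})", rows)
    return sorted(mem.execute(sensitive).fetchall())   # step A7

if __name__ == "__main__":
    for _, sql in convert(QUERY)[0].values():
        print("to database server:", sql)
    print("on intermediate server:", convert(QUERY)[1])
    print(run(make_database_server(), QUERY))
```

The SQL sent to the database server carries neither the plaintext comparison value nor any call to `dec()`; only the intermediate server, which holds the key, evaluates the condition on the confidential column.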
- FIG. 4 is a block diagram illustrating an example of the configuration of a database system including the intermediate server 113 according to the present embodiment.
- The intermediate server 113 further includes a process sharing determination unit 218 in addition to the configuration of the intermediate server 112 according to the first embodiment (FIG. 1).
- The process sharing determination unit 218 receives the non-sensitive inquiry from the inquiry conversion unit 211 as an input.
- The processing sharing determination means 218 determines whether the communication amount and the calculation amount would be smaller if the intermediate server acquired the necessary table and processed the inquiry itself, rather than having the non-sensitive inquiry processed by the database server 114.
- When they would be smaller, the processing sharing determination unit 218 converts the non-sensitive inquiry received from the inquiry conversion unit 211 into a query composed of a non-sensitive inquiry for acquiring the necessary table from the database server 114 to the intermediate server 113 and the remaining non-sensitive inquiry (hereinafter referred to as an “intermediate non-sensitive query”), and outputs it.
- When the communication amount and the calculation amount do not decrease, the processing sharing determination unit 218 outputs a determination result that conversion is not necessary. In this case, the processing sharing determination unit 218 outputs the non-sensitive inquiry received from the inquiry conversion unit 211 without conversion.
- A non-sensitive inquiry that is output as it is without being converted by the inquiry conversion unit 211 is referred to as a “normal non-sensitive inquiry”.
- The query conversion unit 211 converts the input database query into a series of sensitive queries and non-sensitive queries, uses the processing sharing determination unit 218 to convert the non-sensitive queries into intermediate non-sensitive queries and normal non-sensitive queries, and outputs the result to the inquiry processing means 212.
- The query processing unit 212 transmits the normal non-sensitive queries among the database queries output by the query converting unit 211 to the database server 114 to acquire the results, and then executes the intermediate non-sensitive queries. Further, the inquiry processing means 212 executes the sensitive queries using the encryption processing means 214.
- The processing sharing determination means 218 operates as follows.
- Upon receiving the non-sensitive inquiry from the inquiry conversion means 211, the processing sharing determination means 218 first checks the contents of the tables and the selection conditions included in the inquiry, and determines whether the communication amount and the calculation amount are smaller when the processing is performed by the intermediate server 113. Specifically, when the query is expected, based on information on the execution status of past database query processing, to increase the number of data after the processing is executed, the communication amount and the calculation amount are expected to be smaller when the tables to be processed are acquired by the intermediate server 113 and the query is then processed in the intermediate server 113 than when the processing is performed by the database server 114. Therefore, in such a case, the processing sharing determination unit 218 converts the non-sensitive inquiry received from the inquiry conversion unit 211 into an intermediate non-sensitive inquiry as follows.
- The received non-sensitive inquiry is expressed as Equation 4 below.
- T’{α}=SELECT C*{α} FROM T{g1},…,T{gy} WHERE F{h1} AND … AND F{hz}
- The processing sharing determination means 218 outputs a series consisting of the following Equations 5 and 6 as an intermediate non-sensitive query.
- T’{g1}=SELECT C*{g1} FROM T{g1}
- T’{g2}=SELECT C*{g2} FROM T{g2}
- :
- T’{gy}=SELECT C*{gy} FROM T{gy}
- T’{α}=SELECT C*{α} FROM T’{g1},…,T’{gy} WHERE F{h1} AND … AND F{hz}
- C*{g1}, C*{g2},…, C*{gi} are included in C*{α} among the columns of the table T{g1},.
- For a selection condition that acquires rows in which a column value is equal to or greater than a certain constant, and for a selection condition that joins tables by matching column values, the number of data is generally reduced by executing the query processing. For this reason, even if the processing is performed by the intermediate server 113, the communication amount and the calculation amount are not expected to be smaller than when the processing is performed by the database server 114. Further, even if the selection conditions are other than these, if the query is expected, based on the information on the execution status of past database query processing, to reduce the number of data after the processing is executed, the communication amount and the calculation amount are likewise not expected to decrease even if the query is processed by the intermediate server 112. Therefore, in these cases, the process sharing determination unit 218 determines that conversion is not necessary.
- The intermediate server 113 may cache (record) the series of non-sensitive queries transmitted to the database server 114 and their execution results. In that case, if the received non-sensitive inquiry includes a table or a query stored in the cache, the processing sharing determination unit 218 converts the non-sensitive inquiry into an intermediate non-sensitive inquiry that refers to the cache. Thereby, the amount of communication between the database server 114 and the intermediate server 113 can be further reduced.
- The intermediate server 113 (FIG. 4) according to the present embodiment further includes a process sharing determination unit 218 in addition to the configuration of the intermediate server 112 according to the first embodiment (FIG. 1).
- The processing sharing determination means 218 converts the non-sensitive inquiry into a series of intermediate non-sensitive inquiries and normal non-sensitive inquiries so that the communication amount and the data processing amount between the database server 114 and the intermediate server 113 are reduced.
- The inquiry processing unit 212 processes intermediate non-sensitive inquiries in addition to sensitive inquiries. Therefore, according to the present embodiment, in addition to the effects of the first embodiment, the communication amount between the database server 114 and the intermediate server 112 can be further reduced, and the data processing amount can be reduced.
- The database system according to the present invention can be applied to a database system that makes database inquiries while keeping sensitive data secret.
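The processing-sharing decision and the rewrite of Equation 4 into Equations 5 and 6 described above for the second embodiment, as an added Python example using `sqlite3` (not code from the patent). The names `NonSensitiveQuery`, `should_convert`, `to_intermediate` and `run`, the format of the execution record, and the sample tables are assumptions made for illustration; local tables keep the original table names instead of T’, and the selection conditions reference only selected columns.

```python
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class NonSensitiveQuery:
    """Equation 4: SELECT C*{α} FROM T{g1},…,T{gy} WHERE F{h1} AND … AND F{hz}."""
    columns: tuple      # C*{α} as (table, column) pairs
    tables: tuple       # T{g1}, …, T{gy}
    conditions: tuple   # F{h1}, …, F{hz} as SQL text

    def sql(self):
        cols = ", ".join(f"{t}.{c}" for t, c in self.columns)
        return (f"SELECT {cols} FROM {', '.join(self.tables)} "
                f"WHERE {' AND '.join(self.conditions)}")


def should_convert(query, history):
    """Convert only when past runs show the query growing the row count."""
    stats = history.get(query)
    return stats is not None and stats["rows_out"] > stats["rows_in"]


def to_intermediate(query):
    """Equation 5 (one projection per table) plus Equation 6 (the local query)."""
    fetches = {}
    for table in query.tables:
        cols = [c for t, c in query.columns if t == table]   # C*{gk}
        if not cols:
            raise ValueError(f"{table} contributes no column to C*")
        fetches[table] = f"SELECT {', '.join(cols)} FROM {table}"
    return fetches, query.sql()


def run(query, db_server, history):
    """Return (result rows, rows shipped from the database server)."""
    if not should_convert(query, history):       # normal non-sensitive query
        rows = db_server.execute(query.sql()).fetchall()
        return rows, len(rows)
    fetches, local_sql = to_intermediate(query)
    local = sqlite3.connect(":memory:")          # intermediate server workspace
    shipped = 0
    for table, fetch_sql in fetches.items():
        cur = db_server.execute(fetch_sql)
        names = [d[0] for d in cur.description]
        rows = cur.fetchall()
        shipped += len(rows)
        # Identifiers come from the already-parsed query, never from raw input.
        local.execute(f"CREATE TABLE {table} ({', '.join(names)})")
        marks = ", ".join("?" * len(names))
        local.executemany(f"INSERT INTO {table} VALUES ({marks})", rows)
    return local.execute(local_sql).fetchall(), shipped


def make_db_server():
    """Constructed sample data standing in for database server 114."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE home (team TEXT, stadium TEXT)")
    db.execute("CREATE TABLE away (team TEXT, coach TEXT)")
    teams = ["A", "B", "C", "D", "E", "F"]
    db.executemany("INSERT INTO home VALUES (?, ?)",
                   [(t, f"stadium-{t}") for t in teams])
    db.executemany("INSERT INTO away VALUES (?, ?)",
                   [(t, f"coach-{t}") for t in teams])
    return db


# Constructed query: every home/away pairing of distinct teams (row count grows).
FIXTURES = NonSensitiveQuery(
    columns=(("home", "team"), ("away", "team")),
    tables=("home", "away"),
    conditions=("home.team <> away.team",),
)
# Constructed execution record: 12 input rows produced 30 output rows.
HISTORY = {FIXTURES: {"rows_in": 12, "rows_out": 30}}

if __name__ == "__main__":
    db = make_db_server()
    print("on database server :", run(FIXTURES, db, {})[1], "rows shipped")
    print("on intermediate    :", run(FIXTURES, db, HISTORY)[1], "rows shipped")
```

With the constructed data, running the query on the database server ships the 30 result rows, while the converted form ships the two 6-row projections and produces the same 30 rows locally.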
Description
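The present invention is based on Japanese Patent Application No. 2012-272790 (filed on December 13, 2012), the entire contents of which are incorporated herein by reference.
The present invention relates to an intermediate server, a database query processing method, and a program, and in particular to an intermediate server, a database query processing method, and a program that keep sensitive data stored in a database secret.
Encryption processing means that encrypts or decrypts data stored in a database;
query conversion means that splits a query to the database into a first query that does not require processing by the encryption processing means and a second query that requires processing by the encryption processing means; and
query processing means that sends the first query to a database server connected to the database to obtain a result from the database server, and executes the second query using the encryption processing means, are provided.
A conversion step in which a computer splits a query to a database into a first query that requires neither encryption processing nor decryption processing and a second query that requires encryption processing or decryption processing;
an obtaining step of sending the first query to a database server connected to the database and obtaining a result from the database server; and
a step of executing the second query using encryption processing or decryption processing, are included.
Conversion processing that splits a query to a database into a first query that requires neither encryption processing nor decryption processing and a second query that requires encryption processing or decryption processing;
obtaining processing that sends the first query to a database server connected to the database and obtains a result from the database server; and
processing that executes the second query using encryption processing or decryption processing, are executed by a computer.
The program can be provided as a program product recorded on a non-transitory computer-readable storage medium.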
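[Mode 1]
As in the intermediate server according to the first aspect above.
[Mode 2]
The query conversion means may classify the selection conditions included in the query to the database into first selection conditions that do not require processing by the encryption processing means and second selection conditions that require processing by the encryption processing means, classify the tables included in the query into first tables referenced only by the first selection conditions and the remaining second tables, and
generate the first query based on the first selection conditions and the first tables, and generate the second query based on the second selection conditions, the second tables, and the result of the first query obtained from the database server.
[Mode 3]
The query conversion means may further split the first query into a plurality of queries by classifying the plurality of first tables according to whether or not they have a column referenced by the first selection conditions, and
the query processing means may send the plurality of queries obtained by splitting the first query to the database server and obtain from the database server a processing result for each of the plurality of queries.
[Mode 4]
The intermediate server may further comprise processing sharing determination means that determines, according to the increase or decrease in the amount of data before and after processing when the first query is processed by the database server, whether or not the first query should be executed by the database server, and that, when the first query should not be executed by the database server, converts the first query into a third query to be executed by the query processing means, and
the query processing means may further execute the third query.
[Mode 5]
The processing sharing determination means may determine that the first query should not be executed by the database server when the amount of data after the first query is executed by the database server is larger than before execution.
[Mode 6]
The processing sharing determination means may generate the third query, consisting of a fourth query and a fifth query, by decomposing the first query into the fourth query, which is executed after the first tables are obtained from the database server, and the remaining fifth query, and
the query processing means may obtain the first tables from the database server and execute the fourth query, and may also execute the fifth query.
[Mode 7]
As in the database query processing method according to the second aspect above.
[Mode 8]
The conversion step may include: a step of classifying the selection conditions included in the query to the database into first selection conditions that require neither encryption processing nor decryption processing and second selection conditions that require encryption processing or decryption processing, and classifying the tables included in the query into first tables referenced only by the first selection conditions and the remaining second tables; and
a step of generating the first query based on the first selection conditions and the first tables, and generating the second query based on the second selection conditions, the second tables, and the result of the first query obtained from the database server.
[Mode 9]
In the conversion step, the first query may be further split into a plurality of queries by classifying the plurality of first tables according to whether or not they have a column referenced by the first selection conditions, and
in the obtaining step, the plurality of queries obtained by splitting the first query may be sent to the database server, and a processing result for each of the plurality of queries may be obtained from the database server.
[Mode 10]
The database query processing method may include: a determination step of determining, according to the increase or decrease in the amount of data before and after processing when the first query is processed by the database server, whether or not the first query should be executed by the database server; and
a step of converting the first query into a third query and executing it when it is determined that the first query should not be executed by the database server.
[Mode 11]
In the determination step, it may be determined that the first query should not be executed by the database server when the amount of data after the first query is executed by the database server is larger than before execution.
[Mode 12]
The database query processing method may include: a step of generating, when it is determined that the first query should not be executed by the database server, the third query consisting of a fourth query and a fifth query by decomposing the first query into the fourth query, which is executed after the first tables are obtained from the database server, and the remaining fifth query; and
a step of obtaining the first tables from the database server and executing the fourth query, and also executing the fifth query.
[Mode 13]
As in the program according to the third aspect above.
[Mode 14]
The conversion processing may include: processing that classifies the selection conditions included in the query to the database into first selection conditions that require neither encryption processing nor decryption processing and second selection conditions that require encryption processing or decryption processing, and classifies the tables included in the query into first tables referenced only by the first selection conditions and the remaining second tables; and
processing that generates the first query based on the first selection conditions and the first tables, and generates the second query based on the second selection conditions, the second tables, and the result of the first query obtained from the database server.
[Mode 15]
In the conversion processing, the first query may be further split into a plurality of queries by classifying the plurality of first tables according to whether or not they have a column referenced by the first selection conditions, and
in the obtaining processing, the plurality of queries obtained by splitting the first query may be sent to the database server, and a processing result for each of the plurality of queries may be obtained from the database server.
[Mode 16]
The program may cause the computer to execute: determination processing that determines, according to the increase or decrease in the amount of data before and after processing when the first query is processed by the database server, whether or not the first query should be executed by the database server; and
processing that converts the first query into a third query and executes it when it is determined that the first query should not be executed by the database server.
[Mode 17]
In the determination processing, it may be determined that the first query should not be executed by the database server when the amount of data after the first query is executed by the database server is larger than before execution.
[Mode 18]
The program may cause the computer to execute: processing that generates, when it is determined that the first query should not be executed by the database server, the third query consisting of a fourth query and a fifth query by decomposing the first query into the fourth query, which is executed after the first tables are obtained from the database server, and the remaining fifth query; and
processing that obtains the first tables from the database server and executes the fourth query, and also executes the fifth query.
The intermediate server according to the first embodiment will be described in detail with reference to the drawings.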
T’{α}=SELECT C*{α} FROM T{g1},…,T{gy} WHERE F{h1} AND … AND F{hz}
T’{e1}=SELECT C*{e1} FROM T{e1}
T’{e2}=SELECT C*{e2} FROM T{e2}
:
T’{ew}=SELECT C*{ew} FROM T{ew}
T’{α1}=SELECT C*{α1} FROM T{g1},…,T{gi} WHERE F{h1} AND … AND F{hj}
T’{α2}=SELECT C*{α2} FROM T{g{i+1}},…,T{g{i+a}} WHERE F{h{j+1}} AND … AND F{h{j+b}}
:
T’{αn}=SELECT C*{αn} FROM T{gd},…,T{gn} WHERE F{hd} AND … AND F{hn}
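Next, the intermediate server according to the second embodiment will be described in detail with reference to the drawings. FIG. 4 is a block diagram showing, as an example, the configuration of a database system including the intermediate server 113 according to the present embodiment.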
T’{α}=SELECT C*{α} FROM T{g1},…,T{gy} WHERE F{h1} AND … AND F{hz}
T’{g1}=SELECT C*{g1} FROM T{g1}
T’{g2}=SELECT C*{g2} FROM T{g2}
:
T’{gy}=SELECT C*{gy} FROM T{gy}
T’{α}=SELECT C*{α} FROM T’{g1},…,T’{gy} WHERE F{h1} AND … AND F{hz}
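104 Server
106 Database
110 Client
112, 113 Intermediate server
114 Database server
116 Database
202 Command interface
204 Command parser
206 Command converter
208 Encryption unit
210 Database interface
211 Query conversion means
212 Query processing means
214 Encryption processing means
216 Key management means
218 Processing sharing determination means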
Claims (18)
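- An intermediate server comprising: encryption processing means that encrypts or decrypts data stored in a database; query conversion means that splits a query to the database into a first query that does not require processing by the encryption processing means and a second query that requires processing by the encryption processing means; and query processing means that sends the first query to a database server connected to the database to obtain a result from the database server, and executes the second query using the encryption processing means.
- The intermediate server according to claim 1, wherein the query conversion means classifies the selection conditions included in the query to the database into first selection conditions that do not require processing by the encryption processing means and second selection conditions that require processing by the encryption processing means, classifies the tables included in the query into first tables referenced only by the first selection conditions and the remaining second tables, generates the first query based on the first selection conditions and the first tables, and generates the second query based on the second selection conditions, the second tables, and the result of the first query obtained from the database server.
- The intermediate server according to claim 2, wherein the query conversion means further splits the first query into a plurality of queries by classifying the plurality of first tables according to whether or not they have a column referenced by the first selection conditions, and the query processing means sends the plurality of queries obtained by splitting the first query to the database server and obtains from the database server a processing result for each of the plurality of queries.
- The intermediate server according to any one of claims 1 to 3, further comprising processing sharing determination means that determines, according to the increase or decrease in the amount of data before and after processing when the first query is processed by the database server, whether or not the first query should be executed by the database server, and that, when the first query should not be executed by the database server, converts the first query into a third query to be executed by the query processing means, wherein the query processing means further executes the third query.
- The intermediate server according to claim 4, wherein the processing sharing determination means determines that the first query should not be executed by the database server when the amount of data after the first query is executed by the database server is larger than before execution.
- The intermediate server according to claim 5, wherein the processing sharing determination means generates the third query, consisting of a fourth query and a fifth query, by decomposing the first query into the fourth query, which is executed after the first tables are obtained from the database server, and the remaining fifth query, and the query processing means obtains the first tables from the database server and executes the fourth query, and also executes the fifth query.
- A database query processing method comprising: a conversion step in which a computer splits a query to a database into a first query that requires neither encryption processing nor decryption processing and a second query that requires encryption processing or decryption processing; an obtaining step of sending the first query to a database server connected to the database and obtaining a result from the database server; and a step of executing the second query using encryption processing or decryption processing.
- The database query processing method according to claim 7, wherein the conversion step includes: a step of classifying the selection conditions included in the query to the database into first selection conditions that require neither encryption processing nor decryption processing and second selection conditions that require encryption processing or decryption processing, and classifying the tables included in the query into first tables referenced only by the first selection conditions and the remaining second tables; and a step of generating the first query based on the first selection conditions and the first tables, and generating the second query based on the second selection conditions, the second tables, and the result of the first query obtained from the database server.
- The database query processing method according to claim 8, wherein, in the conversion step, the first query is further split into a plurality of queries by classifying the plurality of first tables according to whether or not they have a column referenced by the first selection conditions, and, in the obtaining step, the plurality of queries obtained by splitting the first query are sent to the database server and a processing result for each of the plurality of queries is obtained from the database server.
- The database query processing method according to any one of claims 7 to 9, comprising: a determination step of determining, according to the increase or decrease in the amount of data before and after processing when the first query is processed by the database server, whether or not the first query should be executed by the database server; and a step of converting the first query into a third query and executing it when it is determined that the first query should not be executed by the database server.
- The database query processing method according to claim 10, wherein, in the determination step, it is determined that the first query should not be executed by the database server when the amount of data after the first query is executed by the database server is larger than before execution.
- The database query processing method according to claim 11, comprising: a step of generating, when it is determined that the first query should not be executed by the database server, the third query consisting of a fourth query and a fifth query by decomposing the first query into the fourth query, which is executed after the first tables are obtained from the database server, and the remaining fifth query; and a step of obtaining the first tables from the database server and executing the fourth query, and also executing the fifth query.
- A program that causes a computer to execute: conversion processing that splits a query to a database into a first query that requires neither encryption processing nor decryption processing and a second query that requires encryption processing or decryption processing; obtaining processing that sends the first query to a database server connected to the database and obtains a result from the database server; and processing that executes the second query using encryption processing or decryption processing.
- The program according to claim 13, wherein the conversion processing includes: processing that classifies the selection conditions included in the query to the database into first selection conditions that require neither encryption processing nor decryption processing and second selection conditions that require encryption processing or decryption processing, and classifies the tables included in the query into first tables referenced only by the first selection conditions and the remaining second tables; and processing that generates the first query based on the first selection conditions and the first tables, and generates the second query based on the second selection conditions, the second tables, and the result of the first query obtained from the database server.
- The program according to claim 14, wherein, in the conversion processing, the first query is further split into a plurality of queries by classifying the plurality of first tables according to whether or not they have a column referenced by the first selection conditions, and, in the obtaining processing, the plurality of queries obtained by splitting the first query are sent to the database server and a processing result for each of the plurality of queries is obtained from the database server.
- The program according to any one of claims 13 to 15, causing the computer to execute: determination processing that determines, according to the increase or decrease in the amount of data before and after processing when the first query is processed by the database server, whether or not the first query should be executed by the database server; and processing that converts the first query into a third query and executes it when it is determined that the first query should not be executed by the database server.
- The program according to claim 16, wherein, in the determination processing, it is determined that the first query should not be executed by the database server when the amount of data after the first query is executed by the database server is larger than before execution.
- The program according to claim 17, causing the computer to execute: processing that generates, when it is determined that the first query should not be executed by the database server, the third query consisting of a fourth query and a fifth query by decomposing the first query into the fourth query, which is executed after the first tables are obtained from the database server, and the remaining fifth query; and processing that obtains the first tables from the database server and executes the fourth query, and also executes the fifth query.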
Priority Applications (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2014552098A JP6119766B2 (ja) | 2012-12-13 | 2013-12-13 | Intermediate server, database query processing method and program |
EP20166860.5A EP3745293A1 (en) | 2012-12-13 | 2013-12-13 | Intermediate server, database query processing method and program |
EP13862815.1A EP2933750B1 (en) | 2012-12-13 | 2013-12-13 | Intermediate server, database query processing method and program |
US14/651,111 US9767294B2 (en) | 2012-12-13 | 2013-12-13 | Intermediate server, database query processing method and program |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
JP2012-272790 | 2012-12-13 | ||
JP2012272790 | 2012-12-13 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2014092180A1 (ja) | 2014-06-19 |
Family
ID=50934461
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/JP2013/083447 WO2014092180A1 (ja) | 2012-12-13 | 2013-12-13 | Intermediate server, database query processing method and program |
Country Status (4)
Country | Link |
---|---|
US (1) | US9767294B2 (ja) |
EP (2) | EP3745293A1 (ja) |
JP (1) | JP6119766B2 (ja) |
WO (1) | WO2014092180A1 (ja) |
Also Published As
Publication number | Publication date |
---|---|
EP2933750A1 (en) | 2015-10-21 |
JP6119766B2 (ja) | 2017-04-26 |
US9767294B2 (en) | 2017-09-19 |
US20150317483A1 (en) | 2015-11-05 |
EP2933750B1 (en) | 2020-04-01 |
EP3745293A1 (en) | 2020-12-02 |
JPWO2014092180A1 (ja) | 2017-01-12 |
EP2933750A4 (en) | 2016-09-21 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 13862815; Country of ref document: EP; Kind code of ref document: A1 |
| ENP | Entry into the national phase | Ref document number: 2014552098; Country of ref document: JP; Kind code of ref document: A |
| WWE | Wipo information: entry into national phase | Ref document number: 14651111; Country of ref document: US |
| NENP | Non-entry into the national phase | Ref country code: DE |
| WWE | Wipo information: entry into national phase | Ref document number: 2013862815; Country of ref document: EP |