JP4875781B1 - Distributed data storage system - Google Patents

Abstract

A distributed data storage system that improves the availability of data without depending on a library or the like that implements secret sharing when storing a plurality of partial data generated from important data by a secret sharing technique in a plurality of data centers. I will provide a.
Each server 100 has a data storage unit 110 that stores partial data received from a client terminal 300. The client terminal 300 cannot restore important data unless k or more are collected from the important data by a secret sharing technique. A division processing unit 310 that generates n (k ≦ n) partial data, and n partial data and n copies stored in 2n servers 100 and m (k ≦ m ≦ n) having a distributed management unit 320 that collects partial data or copies from m servers 100 and a restoration processing unit 330 that restores important data from the m partial data or copies by a secret sharing technique .
[Selection] Figure 1

Description

  The present invention relates to electronic data storage technology, and more particularly to a technology effective when applied to a data distributed storage system that generates a plurality of non-critical data from important data by secret sharing technology and distributes and stores the data at a plurality of locations. is there.

  A company having an information system needs to take measures to protect important data such as highly confidential data in order to prevent an information security accident such as information leakage. On the other hand, various means for realizing these have been proposed.

  As a means for protecting important data, for example, it is conceivable that a company or the like stores important data in a data center where multiple security measures are taken. However, the construction and operation of a private data center that can be accessed from the outside requires a great load in terms of technology and cost, and cannot be easily realized.

  On the other hand, it is also possible to use a data center that is operated by a third party and provided as a service to the outside. However, storing important company data in a data center operated and managed by a third party involves a high security risk. In addition, storing important data in virtual data centers and virtual servers in cloud computing environments that have been increasingly used in recent years is extremely risky. Using it for construction is also one of the reasons why it is not popular.

  On the other hand, when important data is stored, the data is concealed or stored by taking measures to prevent tampering. In general, important data is encrypted and stored using an encryption key. In this case, the encrypted data includes all important data information. Therefore, for example, when encrypted data is acquired by a third party, important data is easily restored when the encryption key is also acquired and decrypted by the third party for some reason. Even if the encryption key is not acquired, since the encryption key has a finite length, theoretically, there is a possibility that important data may be restored from the encrypted data after a finite number of trials.

  On the other hand, a so-called secret sharing technique is also used as a method for strongly concealing important data. In secret sharing, important data is divided into non-important data that cannot be used by itself (important data cannot be recovered or guessed). Even if some non-important data is obtained by a third party, It is theoretically impossible to restore important data by a third party.

  Various secret sharing techniques have been proposed. For example, in Japanese Patent No. 4039810 (Patent Document 1), two or more information blocks are obtained by dividing an electronic information file into a plurality of information elements, selecting the divided information elements, and combining them in a different order. In this case, an information block that does not include all information elements unless all the information blocks are integrated is generated, and division information relating to the method divided into information elements and formation information relating to the method generating the information block A technology that secures the security of electronic information by generating divided extracted data that records information, storing at least one of each information block and divided extracted data in a certification authority, and separately storing the other separately Is disclosed.

  On the other hand, as a secret sharing technique that can restore important data if you collect more than a predetermined number of non-important data and information blocks corresponding to important data (sometimes referred to as “partial data” below) For example, a (k, n) threshold secret sharing method using polynomial interpolation as described in Non-Patent Document 1 has been conventionally used. According to this method, important data can be restored by collecting at least k pieces (k ≦ n) of n pieces of partial data. Various threshold secret sharing methods that further improve this method have also been proposed.

  In relation to this, for example, in JP 2009-139990 A (Patent Document 2), the data stored in the storage device is converted into a secret sharing method that requires a reference number of partial data at the time of restoration. When dividing data into a predetermined number of partial data equal to or greater than the reference number, a transmission unit that transmits partial data to another information processing device and deletes the partial data from the storage device, An information processing apparatus including an acquisition unit that acquires partial data from an information processing device and stores the partial data in a storage device, and a restoration unit that restores data on condition that a reference number of partial data is stored in the storage device is disclosed. ing.

Patent No. 4039810 JP 2009-139990 A

A. Shamir, "How to Share a Secret", Communications of the ACM, vol.22 no.11 pp.612-613, 1979.

  In recent years, as portable information processing terminals such as notebook PCs (Personal Computers) are widely used, there is an increased risk of information leakage due to theft or loss of these terminals themselves. For example, in a company that handles personal information or the like, if an employee or the like loses these terminals, a report or report to a supervisory authority may be required. However, in the past, the actual information leakage range could not be specified in most cases, and when it was lost, all data had to be reported as leaked or possibly.

  On the other hand, it is conceivable to reduce the risk of information leakage due to loss of the terminal by storing data including important data in the terminal in an external server or the like. At this time, the important data is not stored in an external server or the like as it is, for example, using the secret sharing technique described above, the important data is divided / distributed into non-important data to obtain partial data, which is By storing in a distributed manner on a server or the like, for example, the risk of information leakage can be reduced even when storing in a virtual data center or a virtual server in a cloud computing environment.

  In other words, partial data distributed and stored in each data center or the like does not make sense by itself, and the contents of important data cannot be restored or estimated from only the partial data. Therefore, not only the third party who illegally invaded the data center or server and acquired the partial data, but also, for example, an insider such as an administrator of each data center acquired the partial data maliciously. Even in this case, it is possible to prevent a situation in which the content of important data is leaked from the acquired partial data.

  In addition, when important data is divided / distributed into multiple partial data using secret sharing technology, even if a part of the partial data is lost, the original important data can be restored if a predetermined number of partial data can be collected. As a result, data availability can be improved. For example, when n partial data are generated from important data by (k, n) threshold type secret sharing, the important data can be restored if k or more partial data can be collected. In other words, it is possible to withstand the loss of up to (n−k) partial data.

  However, in the case where secure handling of important data is required in the implementation of an actual information system, the secret sharing technique described above is still not much compared to the encryption technique widely used in general. The current situation is not applied. For this reason, at the present time, there are limited secret sharing libraries having functions and performance that can withstand practical use from the viewpoints of actual use and processing speed.

  In these libraries, the availability obtained by secret sharing cannot be expanded or changed in many cases, for example, functions related to secret sharing are fixed or restricted, and the availability of data is used. The situation depends on the functions and specifications of the secret sharing library.

  Accordingly, an object of the present invention is to distribute and store a plurality of partial data generated from important data by a secret sharing technique in a plurality of data centers without depending on functions or specifications of a library or the like that implements secret sharing. To provide a distributed data storage system capable of improving availability.

  The above and other objects and novel features of the present invention will be apparent from the description of this specification and the accompanying drawings.

  Of the inventions disclosed in this application, the outline of typical ones will be briefly described as follows.

  A data distributed storage system according to a representative embodiment of the present invention generates partial data that is a plurality of non-important data from important data by secret sharing technology at a client terminal, and the partial data is transmitted via a network. A distributed data storage system that stores data in a plurality of connected servers, and has the following characteristics.

  That is, each of the servers has a data storage unit that stores the partial data received from the client terminal.

  Further, the client terminal generates n pieces (k ≦ n) of partial data that cannot be restored unless the k is collected from the important data instructed to be stored by the user by the secret sharing technique. The processing unit, the n pieces of partial data generated by the division processing unit, and n copies of the partial data are respectively stored in the data storage units of 2n servers, and the important data A distributed management unit for collecting m pieces (k ≦ m ≦ n) of different partial data or a copy of the partial data for restoring data from each of the m servers, and the user instructed to use the partial data For important data, from the m different pieces of partial data or a copy of the partial data obtained from the distributed management unit, the secret sharing technique And a restoration processing unit for restoring the serial important data.

  Among the inventions disclosed in the present application, effects obtained by typical ones will be briefly described as follows.

  According to a typical embodiment of the present invention, when a plurality of partial data generated from important data by a secret sharing technique is distributed and stored in a plurality of data centers, functions or specifications of a library or the like for implementing secret sharing are used. It becomes possible to improve the availability of data without depending on it.

It is the figure which showed the outline | summary about the structural example of the data distribution storage system which is one embodiment of this invention. It is the figure explaining the concept of the storage of the data in one embodiment of this invention. It is a figure explaining the example of the availability of the data in one embodiment of this invention. It is a figure explaining another example of the availability of the data in one embodiment of this invention. It is the figure shown about the example of selection of the server which stores the partial data in one embodiment of this invention. It is the figure which showed the outline | summary about the example of the flow of the authentication process in one embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described in detail with reference to the drawings. Note that components having the same function are denoted by the same reference symbols throughout the drawings for describing the embodiment, and the repetitive description thereof will be omitted.

<Overview>
The data distributed storage system according to an embodiment of the present invention generates a plurality of partial data from the important data by secret sharing technology when the user stores the user's important data on the client terminal. Send to multiple data center servers for distributed storage. At this time, a copy of each partial data is stored in a separate data center and duplicated. As a result, as described later, the availability of data can be greatly improved without depending on the functions and specifications of the secret sharing library to be used.

  In addition, by implementing a single sign-on mechanism for each data center and performing authentication processing using different unique information (key) at each data center during authentication, access to each data center can be made independent. Ensure safety and ensure security between data centers. As a result, even insiders such as managers of each data center can obtain only one partial data, and important data cannot be restored / inferred from the partial data. Data can be stored.

  FIG. 2 is a diagram for explaining the concept of data storage in the data distributed storage system of the present embodiment. The data distributed storage system 1 has a configuration in which a client terminal 300 and a plurality of data centers 10 (eight of 10a to h in the example of FIG. 2) are connected via a network (not shown). Here, the client terminal 300 is an information processing terminal that is normally used by a user for business or the like and performs processing such as input and reference of important data 500. For example, the client terminal 300 is a PC, a tablet terminal, a smartphone, a mobile phone, or the like. This applies to mobile terminals.

  The data center 10 is a base for storing and managing server devices. For example, a dedicated data center facility that can store a large number of server devices and perform advanced operations management, or a so-called container. It may be a portable data center such as a mold or module, or may be a non-dedicated facility such as a machine room in an office building. Further, it may be a virtual data center in a cloud computing environment. Each data center 10 according to the present embodiment includes one server (not shown) having a data storage unit 110 (110a to 110h in the example of FIG. 2) composed of storage devices and the like for holding and storing data. Has more than one unit.

  Each of these data centers 10 is preferably not related to each other geographically and organizationally. In other words, managers and the like access each other physically or electronically between the data centers 10 such as being in the same site or adjacent sites, or being operated by the same or related business operators, etc. It is desirable that the configuration is not possible.

  In the environment as described above, when the important data 500 existing in the client terminal 300 is securely stored based on an instruction from the user, first, the client terminal 300 uses the secret sharing technique from the important data 500. A plurality of partial data 510 (four items 510a to 510d in the example of FIG. 2) are generated. As described above, each partial data 510 is non-important data that does not make sense alone. The important data 500 is deleted to prevent leakage.

  The secret sharing technique (secret sharing algorithm) to be used is not particularly limited. For example, if k or more of n partial data 510 are collected, the important data 500 can be restored. A so-called (k, n) threshold type (1 <k ≦ n) secret sharing technique that cannot restore the data 500 can be used. Also, the values of k and n are not particularly limited, and can be appropriately determined according to requirements such as security strength, availability, and processing speed. Note that the value of n (the number of partial data 510 to be generated) is less than half of the number of data centers 10. In other words, 2n or more data centers 10 (eight in the example of FIG. 2) are made available for n partial data 510 (four in the example of FIG. 2).

  The generated four partial data 510 are duplicated by creating a copy, as shown in the figure, distributed and transmitted to the eight data centers 10 so as not to overlap, and distributedly stored in the data storage unit 110. That is, the partial data 510 generated from the same important data 500 (hereinafter, unless otherwise specified, the partial data 510 includes a copy) are stored separately in different data centers 10, and any two of them are stored. The above partial data 510 is prevented from being stored in the same data center 10. Each partial data 510 on the client terminal 300 is deleted to prevent leakage.

  As described above, the partial data 510 is generated from the important data 500 by the secret sharing technique and stored in each data center 10 to prevent leakage of the important data 500 due to theft or loss of the client terminal 300. it can. Since each data center 10 has only one partial data 510 for the important data 500, a third party enters the data center 10 to obtain the partial data 510 illegally, Even if an internal person such as an administrator of the system acquires partial data 510, only one partial data 510 can be obtained. Since the important data 500 cannot be restored / estimated only by the partial data 510, the contents of the important data 500 are not leaked.

  Further, when the data centers 10 are not related to each other geographically or organizationally, an internal person such as an administrator of the data center 10 accesses the other data center 10. This is also difficult together with the authentication processing described later. Therefore, for example, even if an insider such as an administrator of the data center 10 has malicious intent, the partial data 510 is illegally acquired from other data centers 10, and k or more pieces are collected to restore the important data 500. Can be prevented.

  Also, by storing each partial data 510 in a different data center 10 and duplicating it, it is not dependent on the functions and specifications of the secret sharing library to be used, and compared with the case of simple backup of normal data, Data availability for the required amount can be greatly improved.

  For example, when four pieces of partial data 510 are generated from the important data 500 by (3,4) threshold type secret sharing, and these are stored in four data centers 10 respectively, three pieces of the partial data 510 are collected. If possible, the original important data 500 can be restored. That is, it is possible to withstand the loss of the partial data 510 due to a failure or the like in one data center 10. On the other hand, as shown in the example of FIG. 2 described above, the four partial data 510 and their copies are distributed and stored in eight different data centers 10, respectively. As a result, the overall availability of data can be greatly improved.

  3 and 4 are diagrams for explaining an example of data availability in the data distributed storage system according to the present embodiment. In the example of FIG. 3, as shown in the example of FIG. 2, five data centers 10 a, c, d, f, and h are stored in a state where the partial data 510 is duplicated and stored in eight data centers 10. Shows a state in which the partial data 510 cannot be acquired due to a failure or the like. Even in such a case, when the three different partial data 510a, b, c can be collected from the remaining three data centers 10b, e, g that are operating normally, and the important data 500 can be restored. It shows that there is.

  On the other hand, as shown in the example of FIG. 4, even if there are less than five data center 10 failures, etc., when the failure or the like is biased to the data center 10 storing the specific partial data 510 and its copy, etc. In some cases, the important data 500 cannot be restored. In the example of FIG. 4, the partial data 510 cannot be acquired due to a failure or the like in the four data centers 10c, d, g, and h. In this case, only two pieces of partial data 510 a and b can be collected as different partial data 510, and the important data 500 cannot be restored.

  Here, in the state shown in the example of FIG. 4, if any one of the data centers 10 that are faulty is operating normally, the partial data 510 that can be acquired from the data center 10. Is either partial data 510c or d, so that it is possible to collect three different partial data 510 as a whole, together with the obtainable partial data 510a, b, and to restore the important data 500 It becomes. From here, as long as there are three data center 10 faults, etc., any data center 10 fault can always collect three or more different partial data 510 and restore important data 500. It turns out that it is possible.

  As described above, for example, when the four partial data 510 are generated from the important data 500 by (3,4) threshold type secret sharing, and these are stored in the four data centers 10 in a distributed manner, one of the data is stored. It can withstand obstacles at the center 10. Here, as shown in the example of FIG. 2, when the four partial data 510 and their copies are duplicated and stored in eight different data centers 10, the amount of resources required to store the data is doubled. Necessary. On the other hand, the number of failures of the data center 10 that can be tolerated is not doubled to two, but as described above, the minimum is three and the maximum is five, and the data availability as a whole is more than doubled. Will improve.

  When the above contents are generalized, n partial data 510 are generated from the important data 500 by (k, n) threshold type secret sharing, and these are distributed and stored in n different data centers 10. A data center that can withstand failures of (n−k) data centers 10, but can withstand when n partial data 510 and copies thereof are distributed and stored in 2n different data centers 10. The number of 10 faults and the like is not twice (2 (n−k)) but at least (2 (n−k) +1) and at most (2n−k). Here, in the case of 1 <k ≦ n, since 2 (n−k) <(2 (n−k) +1) <(2n−k), the data availability as a whole is improved more than twice. become.

<System configuration>
Below, the system configuration | structure of the data distribution storage system 1 of this Embodiment is demonstrated. FIG. 1 is a diagram showing an outline of a configuration example of a data distributed storage system 1 according to an embodiment of the present invention. The data distributed storage system 1 has a configuration in which a plurality of servers 100, a master server 200, and client terminals 300 are connected to a network 400 such as the Internet. As described above, it is assumed that each server 100 is managed and managed in the data center 10 that is not related to each other both geographically and organizationally. In addition, the number of servers 100 (data centers 10) is 2n or more available for n partial data 510 generated from important data 500 by (k, n) threshold type secret sharing. To.

  The server 100 is a computer system composed of server devices. As a file server or a storage server, the server 100 accepts access from the client terminal 300 after user authentication and provides a data (partial data 510) storage service. It has a function. The server 100 includes, for example, a data storage unit 110 including a storage device such as a magnetic disk and an authentication processing unit 120 implemented by a software program. The data storage unit 110 reads and writes specified data based on an instruction from an OS (Operating System) or the like.

  The authentication processing unit 120 performs an authentication process for access to the server 100. The authentication processing unit 120 includes user information 130 including account information for each user as information used when performing authentication processing. The user information 130 is configured by, for example, a database, a file table, or the like. For example, for each registered user ID of the registered user, the user seed 131 as unique information that is different for each user and the password are hashed by a predetermined procedure. Account information such as hashed password 132 is included. In addition, the authentication processing unit 120 has a server seed 140 as unique information that is different for each server.

  In the present embodiment, as will be described later, the authentication processing unit 120 performs authentication processing with the client terminal 300 by a challenge / response method. That is, in response to the authentication request from the user, the server seeds 140, the user seeds 131, and a random number as a challenge are transmitted. Further, the hashed hash value is received as a response from the client terminal 300, and authentication is performed by comparing the received hash value with the hashed password 132 hashed by the random number. . Therefore, the authentication processing unit 120 has a random number generation function and a hash algorithm. In addition, various known techniques and algorithms can be used for these implementations. When security of the communication path between the server 100 and the client terminal 300 is secured, a method other than the challenge / response method may be adopted.

  The master server 200 is a computer system composed of server devices, PCs, and the like, and generates and provides user seeds 131 and server seeds 140 held in each server 100. Since it is not a so-called authentication server that performs authentication on behalf of each server 100, it does not have a user authentication function. The master server 200 includes, for example, a seed generation unit 210 that is implemented by a software program. The seeds generation unit 210 generates seeds based on an instruction from an administrator or the like or a request from each server 100, and provides the seeds as user seeds 131 or server seeds 140 to the target server 100 via the network 400.

  The seed generation method and the seed format are not particularly limited. For example, a unique character string or binary data having a predetermined length can be generated and used as a seed. Note that the master server 200 may be installed in the data center 10 independent of the other servers 100, or installed in the same data center 10 as any one of the servers 100 with a configuration accessible from the outside. May be.

  The client terminal 300 generates a plurality of partial data 510 from the important data 500 using a secret sharing technique, and further generates a copy of each partial data 510 so that each server 100 (each data center) does not overlap each other. 10), and a function for distributing and storing the data in the data storage unit 110. The client terminal 300 includes, for example, a distribution processing unit 321 implemented by a software program, a distribution management unit 320, a restoration processing unit 330, an authentication request unit 340, an interface unit 350, and a distribution status 321 including a database or a file table. And each table of setting information 301.

  The division processing unit 310 performs a plurality of partial data to be distributed and stored in each server 100 by secret sharing according to the setting contents of the setting information 301 from the important data 500 instructed to be securely stored by the user via the interface unit 350 described later 510 is generated. As described above, the secret sharing technique is not particularly limited, and a known (k, n) threshold type secret sharing technique can be used. In the setting information 301, for example, information for specifying the secret sharing algorithm to be used and parameters such as k and n can be set in advance.

  When the important data 500 is stored in a distributed manner, the distribution management unit 320 generates a copy of each partial data 510 generated by secret sharing by the division processing unit 310, and creates a predetermined copy based on the setting contents of the setting information 301. Are transmitted to each server 100 according to the above conditions and distributedly stored, and information related to correspondence with which server 100 each partial data 510 is stored is recorded in the distributed status 321 and managed.

  Various methods for determining in which server 100 to store each partial data 510 can be considered. FIG. 5 is a diagram illustrating an example of selection of the server 100 that stores the partial data 510. In the example of FIG. 5, four pieces of partial data 510 generated by (3,4) threshold type secret sharing from each important data 500 (“important data α”, “important data β”, “important data γ”,...). (“A”, “B”, “C”, “D”) and their copies (“a”, “b”, “c”, “d”), 10 servers 100 (“server” 8 shows a case where eight servers 100 serving as storage destinations are selected and assigned from # 1 "to" Server # 10 ").

  For example, the servers 100 ("Server # 1" to "Server # 10") are ordered in accordance with a priority or the like based on random or specs, etc., and then the servers 100 that are not operating due to a failure or the like at that time (see FIG. In the example of 5, 2n servers 100 may be sequentially selected according to the order of the list after excluding “server # 6” when storing “important data γ”. At this time, 2n servers 100 may be selected from the top of the list (for example, “Server # 1”) each time, or as shown in the example of FIG. 5, important data for storing the starting point for selection The server 100 to be selected may be rotated by shifting every 500.

  By rotating the server 100 to be selected, the partial data 510 can be distributed and stored differently for a plurality of important data 500. Thereby, for example, a failure or the like in a plurality of servers 100 (in the example of FIG. 5, four shaded “server # 1”, “server # 2”, “server # 5”, “server # 6”) If the acquisition of the partial data 510 becomes impossible, the range of the important data 500 that cannot be restored is limited to a part (only “important data α” in the example of FIG. 5), and all the important data 500 cannot be restored. Can be prevented.

  Various methods for assigning the partial data 510 to the selected 2n servers 100 can be considered. For example, as shown in the example of FIG. 5, n partial data 510 and n copies may be sequentially assigned to a list of 2n servers 100, or each partial data 510 may be assigned to each list. You may make it allocate at random. Further, for example, a list of 2n servers 100 is divided into two groups in advance based on the geographical distance so that a certain partial data 510 and a copy thereof are not stored in the server 100 (data center 10) that is geographically close to each other. After the classification, consideration may be given such that the partial data 510 and its copy are separately allocated to the servers 100 belonging to the respective groups.

  For the setting information 301, for example, access information (IP address, host name, etc.) for each server 100 serving as a distributed storage destination, 2n servers 100 are selected from the plurality of servers 100, and partial data 510 and its copy Can be set in advance, such as a priority or an order for the server 100, an ordered list, a rotation method, and the like.

  Also, the distribution management unit 320 is based on the contents of the distribution status 321 and the setting contents of the setting information 301 based on a request from the restoration processing unit 330 when the important data 500 is restored by the restoration processing unit 330 described later. In accordance with a predetermined condition, m different partial data 510 (or copies) for restoring the important data 500 are collected from each server 100 and transferred to the restoration processing unit 330.

  Note that the number m of the partial data 510 to be collected needs to be equal to or greater than the threshold value k necessary for restoring the important data 500, and all the n partial data 510 may be collected ( k ≦ m ≦ n). The setting information 301 includes, for example, partial data 510 from the target server 100 depending on criteria, conditions, failures, and the like for selecting the target m servers 100 when m is m or n <n. A determination method of the server 100 as an alternative in the case where the data cannot be acquired (for example, whether to acquire a copy of the partial data 510 that could not be acquired, whether to acquire other partial data 510, or the like) is set in advance. Can do.

  Note that, for example, when any of the n pieces of partial data 510 and a copy thereof cannot be stored in each server 100 due to a failure of the server 100 or when the partial data 510 is collected, When it is not possible to collect k or more different items, an error may be returned to the user. Further, when the partial data 510 is transmitted / received to / from each server 100, the client terminal 300 and each server 100 perform predetermined encryption on the partial data 510 to transmit / receive information, thereby leaking information. This risk may be further reduced.

  The restoration processing unit 330 stores, in the distributed management unit 320, more than the number of different pieces of partial data 510 necessary for restoring important data 500 instructed to be used for reference or editing by the user via the interface unit 350. Requested and acquired, and the important data 500 is restored from the acquired partial data 510 by a secret sharing technique.

  The authentication request unit 340 requests authentication of each server 100 when the distributed management unit 320 stores the partial data 510 in a distributed manner for each server 100 and collects the partial data 510 from each server 100. For example, an input of a user ID and a password is accepted from a user via a login screen, and individually or in parallel with the authentication processing unit 120 of each server 100 by a challenge / response method or the like, as will be described later. Implementing the authentication process realizes the single sign-on function.

  Here, as will be described later, based on the server seeds 140, the user seeds 131, and the random numbers transmitted from the authentication processing unit 120 of the server 100 in response to the transmission of the authentication request, the password designated by the user is set in a predetermined procedure. Is hashed and transmitted to the authentication processing unit 120 of the server 100 for authentication processing. Accordingly, the authentication request unit 340 is implemented with the same hash algorithm as that implemented by the authentication processing unit 120 of the server 100.

  The interface unit 350 has a user interface such as a screen display in the client terminal 300 and an input / output function such as data transmission / reception. The user can use the function of the data distributed storage system 1 by using, for example, a file management screen of a general OS.

  For example, on the file management screen, important data is moved to a specific folder or the like by a simple operation such as drag and drop. With this as a trigger, the division processing unit 310 and the distribution management unit 320 automatically generate n pieces of partial data 510 from the important data 500 by (k, n) threshold type secret sharing, It can be distributed and stored in each server 100 without making the user aware of it. As described above, the important data 500 is deleted from the client terminal 300 at this time. However, for example, a dummy file corresponding to the important data 500 is created on the file management screen so as not to make the user aware of it. Leave it.

  Further, for example, the user performs operations such as reference and editing on the important data 500 by performing operations on the dummy file or the like of the important data 500 managed in a specific folder on the file management screen. be able to. That is, using the operation on the dummy file or the like as a trigger, the distribution management unit 320 and the restoration processing unit 330 automatically change m important data 500 corresponding to the dummy file or the like from each server 100 (k ≦ m ≦ n). Can be collected and the important data 500 can be restored and made available to the user.

<Authentication process>
Below, the content of the authentication process in the data distribution storage system 1 of this Embodiment is demonstrated. In the data distributed storage system 1 according to the present embodiment, as described above, when the partial data 510 is distributed and stored in the plurality of servers 100 and when the partial data 510 is collected from the plurality of servers 100, In order to avoid the complexity associated with individual authentication processing for each server 100, a single sign-on mechanism is provided.

  As a technique for realizing a single sign-on environment, for example, each server 100 communicates between servers 100 using a SAML (Security Assertion Markup Language) protocol or the like, and authentication is performed by a specific server such as an authentication server. There is a technique that eliminates the need for re-authentication by the user at each server 100 by automatically taking over the resulting information.

  However, the single sign-on environment based on such a method is premised on the establishment of a trust relationship that allows the server 100 to take over and accept authentication information, such as an in-house system on an intranet. Accordingly, when each data center 10 is not geographically or organizationally related as in the present embodiment, such a trust relationship may not be established due to a security relationship or the like.

  In addition, when the single sign-on method as described above is used in such an environment, for example, in a certain server 100, authentication information acquired from an authentication server or the like for user authentication processing is stored in a malicious internal manner. It is also conceivable that a user accesses the other server 100 illegally and acquires partial data 510 stored in the other server 100. Accordingly, in the environment of the distributed data storage system 1 as in the present embodiment, it is necessary to consider security for preventing unauthorized acquisition of the partial data 510 between the servers 100 (data centers 10).

  In the present embodiment, for example, the authentication result of a representative authentication server or the like is not an authentication method in which each server 100 is inherited by the SAML protocol or the like, but unique information (key) that is different between the data centers 10 is used. By performing the authentication process individually, it has a mechanism that allows access to each data center 10 independently and safely, and ensures security between the data centers 10.

  As an initial state for performing the authentication process, it is assumed that each server 100 holds a seed generated by the seed generation unit 210 of the master server 200 as a server seed 140 in advance. Furthermore, initial registration of account information including a user ID, a password, and the like is performed in advance by each user. At this time, as account information, the seeds generated by the seed generation unit 210 of the master server 200 are stored as user seeds 131 for each user ID. Further, the password is stored as a hashed password 132 hashed by a predetermined hash algorithm using the user seeds 131 and the server seeds 140 as seed values.

  By not holding the password directly, the leakage of the password can be prevented. In addition, hashing is performed by using a unique user seed 131 for each user as a seed value, so that, for example, even when the same password is accidentally specified by a plurality of users, the hash value may be different for each user. it can.

  FIG. 6 is a diagram showing an outline of an example of the flow of authentication processing in the present embodiment. First, the user requests authentication (login) via the authentication request unit 340 of the client terminal 300. At this time, for example, user ID and password information are specified via a login screen or the like. The authentication request unit 340 transmits an authentication request including the designated user ID to the server 100 (S01).

  Upon receiving the user ID, the authentication processing unit 120 of the server 100 generates a random number as a challenge in the challenge / response method, acquires seeds, and transmits them to the client terminal 300 (S02). Here, in addition to the random number, the server seed 140 and the user seed 131 corresponding to the user ID held in the user information 130 are acquired.

  The server seed 140, the user seed 131, and the authentication request unit 340 of the client terminal 300 that has received the random number hash the password specified in step S01 with a predetermined hash algorithm (S03). Further, the hash value obtained in step S03 is hashed using the user seeds 131 as a seed value (S04). Furthermore, the hash value obtained in step S04 is hashed using the server seeds 140 as a seed value (S05). Further, the hash value obtained in step S05 is made one-time by hashing using a random number as a seed value, and the obtained hash value is transmitted to the server 100 (S06).

  Note that the series of hashing procedures in steps S03 to S05 described above is merely an example, and other procedures that can obtain equivalent results are naturally possible. However, the password is hashed in advance during user registration. It is necessary to use the same procedure as the hashing process when the hashed password 132 is acquired. Further, for example, when an instruction to update the password is received from the server 100 in step S02, the password (and hash) is executed before executing step S03 as necessary. Update password 132) may be updated.

  Upon receiving the hash value, the authentication processing unit 120 of the server 100 acquires the hashed password 132 corresponding to the target user ID from the user information 130 (S07), and the random number generated in step S02 is the acquired hashed password 132. Is hashed as a seed value (S08). Thereafter, authentication processing is performed by comparing the obtained hash value with the hash value received from the client terminal 300 in step S07, and the authentication result is transmitted to the client terminal 300 (S09). That is, if the two match as a result of the comparison, the authentication is established, and if the two do not match, the authentication is not established. At this time, for example, information related to the location of the transmission source such as the IP address is acquired from the request message from the client terminal 300, and other conditions such as whether or not the information is within a predetermined range are successful or unsuccessful. It may be added to the judgment.

  The authentication request unit 340 of the client terminal 300 receives the authentication result (S10), and then automatically performs the above-described series of processes sequentially for the other servers 100 as necessary, and authenticates each server 100. Process. Since the authentication processing in each server 100 is independent, the above-described series of processing can be performed simultaneously on a plurality of necessary servers 100 in parallel. The necessary server 100 information may be set in advance in the setting information 301 of the client terminal 300, for example, or selected by the distribution management unit 320 at the time of distributed storage or collection of the partial data 510. The server 100 may be the target.

  With the above processing, the user can perform authentication processing for each necessary server 100 only by specifying the user ID and password once.

  By taking the above-described method, for example, an administrator of a certain server 100 or data center 10 acquires account information such as the user's seed 131 or hashed password 132 of the target user from his / her user information 130. However, it is not possible to authenticate other servers 100 (data center 10) by impersonation using these pieces of information, and security between the servers 100 is ensured.

  This is because the value of the user's hashed password 132 in a certain server 100 is hashed by its own server seeds 140, and the user's hashed password 132 in the other server 100 is stored in the other server 100. This is because the value is different because it is hashed by 100 server seeds 140. Therefore, even if both are hashed using the same random number as a seed value, the same hash value is not obtained, and authentication is not established in step S09 in FIG. Further, even if the server seeds 140 of the other server 100 are acquired by some means, a hash value having the same value as the hashed password 132 in the other server 100 is generated unless the password of the target user is known. It is not possible.

  As described above, according to the data distributed storage system 1 according to an embodiment of the present invention, the partial data 510 is generated from the important data 500 by the secret sharing technique and is distributed and stored in each data center 10. The leakage of the important data 500 due to theft or loss of the client terminal 300 can be prevented. Since each data center 10 has only one partial data 510 for the important data 500, a third party enters the data center 10 to obtain the partial data 510 illegally, Even if an internal person such as an administrator of the system acquires partial data 510, only one partial data 510 can be obtained. Since the important data 500 cannot be restored / estimated only by the partial data 510, the contents of the important data 500 are not leaked.

  Further, when each partial data 510 is transmitted to a plurality of data centers 10 and distributedly stored, a copy of each partial data 510 is stored in a separate data center 10 and duplicated. As a result, the availability of data can be greatly improved as compared with the required increase in resources, without depending on the functions and specifications of the secret sharing library to be used.

  In addition, by performing authentication using unique information (server seeds 140) that is different for each server 100, an internal person such as an administrator of the data center 10 may access other data centers 10 with malicious intent. Since this is difficult, it is possible to ensure security for preventing unauthorized acquisition of the partial data 510 between the data centers 10.

  In addition, single sign-on for a plurality of servers 100 can be realized by a single authentication process from the client terminal 300 by a user, and authentication on each server 100 can be performed simultaneously in parallel. Therefore, in the distributed storage of the partial data 510 generated from the important data 500 and the collection of the partial data 510 exceeding the number necessary for restoring the important data 500, the time required for authentication is reduced and the deterioration of the response is suppressed. It becomes possible to do.

  As mentioned above, the invention made by the present inventor has been specifically described based on the embodiment. However, the present invention is not limited to the embodiment, and various modifications can be made without departing from the scope of the invention. Needless to say.

  INDUSTRIAL APPLICABILITY The present invention can be used in a data distributed storage system that generates a plurality of non-important data from important data using a secret sharing technique and distributes and stores the data at a plurality of locations.

1 ... Data distributed storage system,
10, 10a-h ... data center,
DESCRIPTION OF SYMBOLS 100 ... Server, 110, 110a-h ... Data storage part, 120 ... Authentication process part, 130 ... User information, 131 ... User seed, 132 ... Hash password, 140 ... Server seed,
200: Master server, 210: Seeds generation unit,
300 ... Client terminal 301 ... Setting information 310 ... Division processing unit 320 ... Distribution management unit 321 ... Distribution status 330 ... Restore processing unit 340 ... Authentication request unit 350 ... Interface unit
400 ... Network,
500: important data, 510a to d: partial data.

Claims (7)

A data distributed storage system that generates a plurality of partial data, which are non-critical data, from secret data using a secret sharing technique at a client terminal, and distributes and stores each partial data on a plurality of servers connected via a network. And
Each of the servers has a data storage unit that stores the partial data received from the client terminal,
The client terminal generates n pieces (k ≦ n) of partial data that cannot be restored unless the k is collected from the important data instructed to be stored by the user by the secret sharing technique. When,
The n pieces of partial data generated by the division processing unit and n copies of each piece of partial data were selected from 2n or more servers by sequentially rotating each important data to be stored. 2 m pieces of the partial data or copies of the partial data are stored in the data storage units of the 2n servers, and m (k ≦ m ≦ n) of the partial data for restoring the important data. A distributed management unit to collect each from the server;
A restoration processing unit that restores the important data from the m different partial data or a copy of the partial data acquired from the distribution management unit by the secret sharing technique for the important data instructed to be used by the user; A distributed data storage system comprising: The data distributed storage system according to claim 1 ,
Each of the servers further includes an authentication processing unit that performs an authentication process for access to the server,
The client terminal is further configured to store the partial data or a copy of the partial data in the servers, and collect the partial data or the partial data from the servers. An authentication request unit that receives a user ID and password designation from the user and sequentially or in parallel sends authentication requests to the servers;
The authentication processing unit of the server includes server seeds that are unique information different for each server, user seeds that are unique information different for each user for each registered user ID, and a password for the user. User information holding account information including a hashed password hashed in a predetermined procedure using the server seeds and the user seeds, and for the authentication request received from the client terminal, The server seeds and the user seeds related to the target user and the generated random number are transmitted to the client terminal,
The authentication request unit of the client terminal hashes the password designated by the user using a predetermined procedure using the server seeds and the user seeds received from the server, and further hashed using the random numbers. Sending a hash value to the server;
The authentication processing unit of the server performs authentication by comparing the hash value received from the client terminal with a value obtained by hashing the hashed password relating to the target user using the random number, and performing authentication. A data distributed storage system, wherein a result is transmitted to the client terminal. The data distributed storage system according to claim 2 ,
The data distributed storage system further comprising a master server connected to the network and generating and providing a seed value serving as the seed for each server based on a request from each server. In the data distribution storage system of any one of Claims 1-3 ,
The distribution management unit of the client terminal copies the partial data and the partial data when the n partial data and the n copies of the partial data are stored in 2n servers. A data distributed storage system, wherein information relating to correspondence with which of the servers is stored is recorded in a distributed status recording unit. In the data distribution storage system of any one of Claims 1-4 ,
The client terminal stores k, m, and n values related to the secret sharing technique, access information for each server, and the distribution management unit stores n pieces of partial data and n copies of the partial data. Conditions for selecting 2n servers to be targeted, conditions for selecting m servers for which the distributed management unit collects m different partial data or copies of the partial data, and the distribution Among the determination methods of the server as an alternative when the management unit cannot acquire the partial data or the copy of the partial data from the server, at least one piece of information has preset setting information A featured distributed data storage system. In the data distribution storage system of any one of Claims 1-5 ,
When the distribution management unit of the client terminal stores the n pieces of partial data and the n copies of the partial data in 2n servers, respectively, the n partial data and the part If both copies of data could not be stored on the server, or if k different partial data or copies of the partial data were collected from the server, respectively, k or more could not be collected, A distributed data storage system characterized by responding an error to a user. In the data distribution storage system of any one of Claims 1-6 ,
The data distribution, wherein the client terminal and each server encrypt the partial data or the copy of the partial data to be transmitted by a predetermined means when transmitting or receiving the partial data or the copy of the partial data Storage system.

Images