JP2011175578A - System and method for data backup - Google Patents

Abstract

A data storage service system operated by a third party ensures data safety and allows data to be stored.
A server 101 that generates data, a plurality of data storage services 103 and 104 that store data, and a backup proxy 102 that processes data to be stored from the server 101 and distributes and stores the data in a plurality of data storage services With. The encryption means possessed by the backup proxy 102 encrypts the data to be stored from the server 101, divides the encrypted backup data so as to divide the block that is the encryption processing unit, and the divided data blocks are continuously The divided data is combined so as not to be included, the combination information is recorded in the registration table, and the combined data is distributed and stored in the plurality of data storage services 103 and 104.
[Selection] Figure 1

Description

  The present invention relates to a data backup system and a data backup method, and in particular, when data in an application or the like is stored on a data storage service system operated by a third party, the data is secured and stored. The present invention relates to a data backup system and a data backup method.

  As a conventional technique related to a method for safely storing data, for example, a technique described in Patent Document 1 is known. In this prior art, when multimedia data is distributed and stored in a plurality of locations on the network, the original data is divided after being processed such as encryption or addition of dummy information, It is intended to realize safe data storage by performing processing such as encryption and addition of dummy information to the divided data.

JP 2003-244598 A

  Encrypted data has the same amount of information as the plaintext content if there is the entire ciphertext, and there is a risk of being decrypted. The prior art described above can avoid the above-mentioned danger to some extent by storing the encrypted data in a distributed manner, but the divided data pieces include a certain number of continuous data strings. If this is the case, a part of the plaintext will be held as information, which again causes a problem that the encrypted data may be decrypted.

  SUMMARY OF THE INVENTION An object of the present invention is to solve the above-mentioned problems of the prior art, and to ensure that data can be stored and stored on a data storage service system operated by a third party. To provide a backup method.

  According to the present invention, the object is to provide a data backup system for storing data on a data storage service system operated by a third party, one or a plurality of servers for generating data to be backed up by an application or the like, and backup data. A plurality of data storage service systems to be stored; and a backup proxy that processes backup data to be stored from the server and distributes and stores the backup data in the plurality of data storage service systems, wherein the backup proxy includes data encryption means And a registration table for registering and managing stored data, and the encryption means encrypts backup data to be stored from the application, and divides the encrypted backup data into blocks that are encryption processing units. Divided and divided into As data blocks are not included in succession, combining the divided data, and records the combination information in the registration table and the combined data is accomplished by dispersing stored in the plurality of data storage service system.

  According to the present invention, even if one of the divided data stored in a plurality of data storage service systems is stolen, the amount of information necessary for generating plaintext is not complete, so the data is decrypted. Data security can be ensured.

It is a block diagram which shows the structure of the data backup system by one Embodiment of this invention. It is a block diagram which shows the structure of backup proxy. It is a figure which shows the structure of DataDB. It is a figure which shows the structure of Lacate DB. It is a flowchart explaining the backup process of the application data in the data backup system by embodiment of this invention. It is a flowchart explaining the restoration process of application data in the data backup system by embodiment of this invention. It is a flowchart (the 1) explaining the detail of the processing operation by a data mixing program. It is a flowchart (the 2) explaining the detail of the processing operation by a data mixing program. It is a flowchart explaining the detail of the processing operation in a data recovery program.

  Hereinafter, embodiments of a data backup system and a data backup method according to the present invention will be described in detail with reference to the drawings.

  FIG. 1 is a block diagram showing a configuration of a data backup system according to an embodiment of the present invention.

  As shown in FIG. 1, a data backup system according to an embodiment of the present invention includes one or a plurality of servers 101 each of which is an information processing device including a storage device such as a CPU, a memory, an HDD, and an input / output device, The backup proxy 102 and a plurality of online storage services A 103 and B 104 are configured to be connectable via the network 105.

  In the above description, the server 101 is a desktop PC or blade PC that operates a service system such as a Web application and generates data to be stored. The backup proxy 102 is an information processing apparatus such as a server that processes the data to be backed up from the server 101 and distributes and stores the data in A103 and B104 in a plurality of online storage services described later. The online storage services A103 and B104 are information processing systems that provide services for storing service user data from the server, and are data storage service systems that are usually operated by a third party. The network 105 is the Internet, an intranet, or a mixed network of the servers 101, the backup proxy 102, the online storage services A103, B104, and the like that can communicate with each other.

  FIG. 2 is a block diagram showing the configuration of the backup proxy 102.

  As shown in FIG. 2, the backup proxy 102 includes a CPU 201 that executes a program, a memory 202 that loads a program and data, a communication unit 203 that exchanges data with other information processing apparatuses, instructions, An input unit 204 that inputs data, an output unit 205 that outputs a system state, a data mixing program 208, a data recovery program 209, a Data DB 210, a Locate DB 211, a Key 212, a File Local 213, a Data Name 214, num A storage device 206 such as an HDD in which 215 is stored is connected via a bus 207.

  Data DB 210 and Locate DB 211 will be described later.

  A key 212 is an encryption key used when the data mixing program 208 and the data recovery program 209 perform encryption processing and decryption processing on application data and backup data.

  File Local 213 is a storage area for storing application data during processing by data mixing program 208, and does not hold data when the system is activated.

  Data Name 214 is a file name of application data held by the data mixing program 208 during processing.

  num 215 is a serial number used when the data mixing program 208 creates new backup data.

  The communication unit 203 has a function of performing communication with the server 101 and the online storage services A 103 and B 104 via the network 105 using a wired or wireless LAN. The input unit 204 includes input means such as a keyboard, a mouse, a pen input, a voice input, a button, a jog dial, and a cross key. The output unit 205 includes output means such as a display, a printing device, and an audio output device.

  The data mixing program 208 encrypts and decomposes application data (hereinafter referred to as application data) to be stored as backup data acquired from one or a plurality of servers 101, and reconfigures the data into a plurality of backup data. It is a program as an encryption means for storing in a plurality of online storage services A103 and B104. The data recovery program 209 is a program that acquires a plurality of encrypted data corresponding to designated application data from the online storage services A103 and B104, decomposes and decrypts them, and recovers application data.

  The Data DB 210 is a database that stores application data list information from the server 101 managed by the backup proxy 102.

  FIG. 3 is a diagram showing the configuration of the Data DB 210. Data DB 210 is an application data that is an identifier including item number 301 that is an identifier for uniquely identifying a record in the table, and date and time (year, month, day, and time) information when a backup of the data to be managed is acquired. A plurality of records including a name 302, a server address 303 that is a network address of the above-described application data transmission source server, and a processing flag 304 that indicates whether the corresponding application data is mixed by the data mixing program 208 are stored. ing.

  The Lacate DB 211 is a database that stores correspondence information between application data from the server 101 and backup data stored in the online storage services A 103 and B 104 by the backup proxy 102.

  FIG. 4 is a diagram showing the configuration of Lacate DB 211. The Lacate DB 211 is a registration table for registering and managing a combination when storing the storage data of a plurality of divided and encrypted applications in combination, and is an identifier that uniquely identifies a record in the table 401, a backup file name 402 that is an identifier of data on the online storage services A 103 and B 104, an application data name i 403 and an application data name ii 404 that are identifiers of data to be managed, and an application data storage area. A plurality of records having the storage block number 405 shown in FIG.

  The record of item number 1 in Lacate DB 211 shown in FIG. 4 has File (1) and File (2) (not shown) as backup file names, DateA20090707 and DateA20090708 as application data name i 403 and application data name ii404. It shows that the two application data possessed are stored in three blocks. Similarly, the record of item number 2 has File (3) and File (4) (not shown) as backup file names, and has DateA20090709 and DateA20090710 as application data name i 403 and application data name ii404. It shows that one application data is stored in five blocks.

  FIG. 5 is a flowchart for explaining a backup process of application data in the data backup system according to the embodiment of the present invention. Next, this will be described. This process is started when a user using the server 101 is instructed to save application data via a user terminal (not shown).

(1) First, since one or a plurality of servers 101 backs up data generated by application services on the server 101 and transmits the data to the backup proxy 102 as application data to be stored, the backup proxy 102 , Receive the app data. The backup proxy 102 registers the received application data in the Data DB 210 described with reference to FIG. At that time, the backup proxy 102 adds the transmission source server name and the received date / time information to the application data name 302, stores the network address of the transmission source server in the server address 303, and sets the processing flag 304 in the processing flag 304. “X” indicating that processing by the data mixing program 208 is not performed is set (step 501).

(2) Next, the backup proxy 102 confirms whether or not there are two or more entries having the processing flag 304 of “x” in the Data DB 210. Returning to the process, reception of another application data is awaited (step 502).

(3) If there are two or more entries in the Data DB 210 with the processing flag 304 “x” in the confirmation in step 502, the backup proxy 102 determines that the processing flag 304 is “x” from the Data DB 210. The data mixing program 208 encrypts, divides, and reconstructs the application data to create a backup data pair. In the dividing process, the data mixing program 208 divides the encrypted application data so as to straddle the encryption processing block (step 503).

(4) The backup proxy 102 distributes and stores the backup data pairs created in the process of step 503 in different online storage services A103 and B104, and returns to the process from step 501 to continue the process (step 504). ).

  In the application data backup process in the data backup system according to the embodiment of the present invention described above, the application data is encrypted, divided, and mixed and reconfigured for two independent application data. The application data may be encrypted, divided, and reconfigured for one application data. In the above description, the processed application data is distributed and stored in two online storage services. However, in the present invention, the application data is distributed and stored in three or more online storage services. You can also Furthermore, according to the present invention, application data may be encrypted, divided, and mixed and reconfigured for three or more pieces of application data that are independent of each other.

  FIG. 6 is a flow chart for explaining application data restore processing in the data backup system according to the embodiment of the present invention, which will be described next. This process is started when an instruction to acquire application data stored via a user terminal (not shown) is issued from a user who uses the server 101.

(1) When the processing is started, the data recovery program 209 of the backup proxy 102 extracts the column of the combination of the application data name 302 and the server address 303 from the Data DB 210 described with reference to FIG. The information is displayed on the display device of the output unit 205 (step 601).

(2) The data recovery program 209 obtains the application data name designated by the user from the list display displayed on the display device of the output unit 205 (step 602).

(3) Next, the data recovery program 209 searches the Locate DB 211 described with reference to FIG. 4 for an entry having the same item as the application data name acquired in step 602, and lists corresponding backup file names. Is acquired (step 603).

(4) The data recovery program 209 acquires each file from the online storage service for the backup file name list acquired in step 603 and recovers the application data by separating, reconfiguring and decrypting the file. The processing here is terminated (step 604).

  7 and 8 are flowcharts for explaining the details of the processing operation in the data mixing program 208, which will be described next. Since the flow shown in FIGS. 7 and 8 is a series, the following description will be made without distinguishing the figure numbers. The processing here is the details of the processing in step 503 of the flow described with reference to FIG.

(1) When the process is started, the data mixing program 208 encrypts the two application data selected in the Data DB 210 as DataX and DataY using the encryption key Key212. Then, the file names of DataX and DataY are set to variable Data NameX and variable Data NameY, respectively (step 701).

(2) Next, the data Enc (DataX) and Enc (DataY) encrypted in the processing of step 701 are divided so as to straddle the encryption processing block. For example, if the processing block is a 128-bit processing unit, the first processing block is divided into 64 bits, then 128 bits, then 128 bits, and so on, and the block to be encrypted is divided. (Step 702).

(3) Next, the data mixing program 208 checks whether or not data is set in the variable File Local 213, and if the data is set, sets the variable Loop Again Flag to TRUE. This variable is a variable set to process the file local data by repeatedly performing a part of the processing of the data mixing program 208 (steps 703 and 704).

(4) Next, the data mixing program 208 sets the data block group of the variable File Local to the array variable work ArrayA [], and the data block group of Enc (DataX) divided by the processing in step 702 is set to the array variable work ArrayB. In addition to setting to [], the Data Name 214 is set to the variable tmp Data NameA, and the Data NameX acquired in the processing of Step 701 is set to tmp Data NameB (Step 705).

(5) If there is no data in the variable File Local 213 in step 703, the variable Loop Again Flag is set to FALSE (step 714).

(6) After that, the data mixing program 208 sets the data block group of Enc (DataX) divided by the process of step 702 to the array variable work ArrayA [], and the data of Enc (DataY) divided by the process of step 702 The block group is set in the array variable workArrayB [], DataNameX acquired in the process of step 701 is set in tmpDataNameA, and DataNameY acquired in the process of step 701 is set in tmp Data NameB (step 715).

(7) After the processing of steps 705 and 715, the data mixing program 208 compares the number of arrays of the array variables work ArrayA [] and work ArrayB [], and the number of arrays of the array variable work ArrayA [] is set to work ArrayB [ ] Is smaller than the number of arrays. In this comparison process, in order to determine the number of data blocks to be processed, the smaller one of the array variables is detected (step 706).

(8) If the number of arrays in the array variable work ArrayA [] is smaller in the comparison determination in step 706, the number of arrays of work ArrayA [] is set in the variable array Len, and TRUE is set in the variable arrayA Flag. These settings are flags indicating the number of data blocks to be processed from now on and which variable array number is smaller (step 707).

(9) If the number of arrays in the array variable work ArrayA [] is the same as or larger than the number of arrays in the array variable work ArrayB [] in the comparison / determination in step 706, the number of arrays in work ArrayB [] is set in the variable array Len. And set the variable arrayA Flag to FALSE. These settings are flags indicating the number of data blocks to be processed from now on and which variable array number is smaller (step 716).

(10) After step 707 or step 716, a new entry is added to Local DB 211. In the entry to be added, the character string “File (num)” is set as the backup file name 402, the value of the variable tmp Data NameA is set as the application data name i 403, and the variable tmp Data NameB is set as the application data name ii404. A value is set, and the variable array Len is set as the number of storage blocks 405. Incidentally, the value of the variable num 215 is entered in the num portion of the character string “File (num)” (step 708).

(11) Next, the data mixing program 208 assigns 0 to the number i, determines whether the variable i is smaller than the variable array Len set in step 707, and the variable i is smaller than the variable array Len. Is smaller, it is verified whether or not the variable i is an even number (steps 709 to 711).

(12) If the variable i is an even number in step 711, the i-th block data of the array variable work ArrayA [] is added to the file File (num) and the file File (num + 1) is added. The i-th block data of the array variable work ArrayB [] is added (step 712).

(13) If it is determined in step 711 that the variable i is not an even number, that is, an odd number, the i-th block data of the array variable work ArrayB [] is added to the file File (num) and the file The i-th block data of the array variable work ArrayA [] is added to File (num + 1) (step 717).

(14) After the process of step 712 or step 717, 1 is added to the variable i, and the process returns to the process from step 710 to continue the process (step 713).

(15) If it is determined in step 710 that the variable i is equal to or greater than the variable array Len set in step 707, the file File (num) is uploaded to the online storage service A103 and saved, and the file File (num + 1) is uploaded and stored in the online storage service B104 (step 817).

(16) Next, increase the value of the variable num 215 by 2 and check whether TRUE is set for the variable Loop Again Flag. If TRUE is set, set the variable Loop Again Flag to FALSE. Is set (steps 818, 801, 802).

(17) Next, the data mixing program 208 checks whether TRUE is set in the variable arrayA Flag. If TRUE is set, tmp Data in the application data name 302 on the Data DB 210 is set. The processing flag 304 of the same entry as NameA is set to “◯” (steps 803 and 825).

(18) Next, check whether the variable tmp Data NameB and the variable data Name are the same. If these two variables are not the same, set the value of the variable tmp Data NameB to the variable data Name. (Steps 804 and 806).

(19) If the variable tmp Data NameB and the variable data Name are the same in the confirmation in step 804, or after the processing in step 806, the data block of Enc (DataY) divided in the processing in step 702 The group is set to the array variable work ArrayA [], and the i-th and subsequent block data groups of the array variable work ArrayB [] are set to the array variable work ArrayB [] (step 805).

(20) If TRUE is not set in the variable arrayA Flag in the confirmation in step 803, the processing flag 304 of the same entry as the tmp Data NameB in the application data name 302 on the Data DB 210 is set to “O”. (Step 826).

(21) Next, check whether the variable tmp Data NameA and the variable data Name are the same. If these two variables are not the same, set the value of the variable tmp Data NameA to the variable data Name. (Steps 808 and 810).

(22) If the variable tmp Data NameA and the variable data Name are the same in the confirmation in step 808, or after the processing in step 810, the i-th and subsequent block data groups of the array variable work ArrayA [] Is set in the array variable work ArrayA [], and the data block group of Enc (DataY) divided in the processing in step 702 is set in the array variable work ArrayB [] (step 809).

(23) After the processing in step 805, it is confirmed whether or not the array variable work ArrayB [] is a free array. If the array variable work ArrayB [] is not a free array in this confirmation, or step 809 After the process of (2), it is confirmed whether or not the array variable work ArrayA [] is an empty array. If the array variable work ArrayA [] is not an empty array in this confirmation, the process returns to the process from step 706 and processed. (Steps 807 and 811).

(24) If TRUE is set in the variable Loop Again Flag in step 801 and if TRUE is not set in the variable Loop Again Flag, it is checked whether arrayA Flag is set to TRUE. (Step 812).

(25) If arrayA Flag is set to TRUE in the confirmation in step 812, or if the array variable work ArrayA [] is an empty array in the confirmation in step 811, the i-th variable work ArrayB [] The subsequent block data group is set in the array variable File Local, and it is confirmed whether or not the array variable File Local is an empty array (steps 813 and 814).

(26) If arrayA Flag is not set to TRUE in step 812, or if array variable work ArrayB [] is an empty array in step 807, i of variable work ArrayA [] The block data group after the th is set in the array variable File Local, and it is confirmed whether or not the array variable File Local is an empty array (steps 821 and 822).

(26) If the array variable File Local is an empty array in the confirmation in step 814 or step 822, the variable data Name is made empty (NULL), and tmp Data NameA in the application data name 302 on the Data DB 210 is set. The processing flag 304 of the same entry is set to “O”, and the processing flag 304 of the same entry as the tmp Data NameB in the application data name 302 on the Data DB 210 is set to “O”. Is finished (steps 815 and 816).

(27) If the array variable File Local is not an empty array in the confirmation in step 814, the value of the variable tmp Data NameB is set in the variable data Name, and tmp Data NameA in the application data name 302 on the Data DB 210 is set. The processing flag 304 of the same entry is set to “◯”, and the processing here ends (steps 819 and 820).

(28) If the array variable File Local is not an empty array in the confirmation in step 814, the value of the variable tmp Data NameA is set to the variable data Name, and tmp Data NameB in the application data name 302 on the Data DB 210 is set. The processing flag 304 of the same entry is set to “◯”, and the processing here ends (steps 823 and 824).

  FIG. 9 is a flowchart for explaining the details of the processing operation in the data recovery program 209. Next, this will be described. The processing here is the details of the processing in step 604 of the flow described with reference to FIG.

(1) The data recovery program 209 stores the backup files File (x) and File (x + 1) corresponding to the first file name in the backup file list acquired in step 603 in the restore process illustrated in FIG. Download and obtain from each of the online storage services A103 and B104 (step 901)
(2) The variable tmp Array is made empty (NULL), the data of the entry of the file name File (x) acquired by the processing of Step 901 from the Local DB 211, and the column of the application data to be recovered in which column of the acquired data (Steps 902 to 904).

(3) If the application data name to be recovered is found in application data name i 403 in step 904, the value of variable x is assigned to variable y, the value of variable x + 1 is assigned to variable z, and step If the application data name to be recovered is found in application data name ii404 in the examination of 904, the value of variable x + 1 is assigned to variable y, the value of variable x is assigned to variable z, and then 0 is assigned to variable j. (Steps 905 to 907).

(4) It is confirmed whether or not the number of storage blocks of data acquired in the processing of Step 903 is larger than the variable j. If the number of storage blocks of acquired data is larger than the variable j, the variable j is an even number. (Steps 908 and 909).

(5) If the variable j is an even number in the confirmation in step 909, the jth data block of File (y) acquired in the processing in step 901 is added to the variable tmp Array. If the variable j is an odd number instead of an even number, the jth data block of File (z) obtained in step 901 is added to the variable tmp Array, and then 1 is added to the variable j. Returning to the processing from 908, the processing is continued (steps 910, 912, 911).

(6) When the number of storage blocks of the data acquired in the process of step 903 is equal to or smaller than the variable j in the confirmation of step 908, the backup file acquired in the process of step 603 of the restore process described with reference to FIG. It is checked whether there is a next file name in the list (step 913).

(7) If there is a next file name in the backup file list obtained in step 603 in the confirmation in step 913, the files File (x) and File (x + 1) corresponding to the corresponding file name are online. Download from each of the storage services A103 and B104, return to the processing from step 903 and continue the processing (step 914).

(8) If there is no next file name in the backup file list acquired in the processing of step 603 in the confirmation in step 913, it is confirmed whether the data name 214 and the application data name to be recovered are the same. If there is, File Local data is added to tmp Array (steps 915 and 916).

(9) If the data name 214 and the application data name to be recovered are not the same in the confirmation at step 915, or after the process at step 916, the tmp Array is decrypted using the key 212 and the application data to be recovered The processing here ends as a name file (step 917).

  Each processing in the above-described embodiment of the present invention is configured as a processing program and can be executed by a CPU provided in the apparatus, and this processing program is HD, DAT, FD, MO, DVD-ROM, CD- It can be stored in a recording medium such as a ROM or provided as digital data via a communication line.

  According to the above-described embodiment of the present invention, the backup data to be stored is encrypted, divided into a plurality of blocks so as to divide blocks that are encryption processing units, and stored on a data storage service system operated by a third party. Therefore, even if one of the stored divided data is stolen, the amount of information necessary to generate plaintext is not complete, so the data decryption attempt is invalidated and secure Data can be stored in

  In addition, the embodiment of the present invention can be further combined with other backup data so that the backup data divided into a plurality of encrypted data is not continuously included in the divided backup data block. Since the data is stored on the data storage service system operated by, data can be stored more safely.

101 Server 102 Backup proxy
103, 104 Online storage service A, B
105 is the network 201 CPU
202 Memory 203 Communication Unit 204 Input Unit 205 Output Unit 206 Storage Device 207 Bus 208 Data Mixing Program 209 Data Recovery Program 210 Data DB
211 Locate DB
212 Key
213 File Local
214 Data Name
215 num

Claims (5)

In a data backup system that stores data on a data storage service system operated by a third party,
One or a plurality of servers for generating data to be backed up by an application, a plurality of data storage service systems for storing backup data, and a plurality of data storage services by processing backup data to be stored from the server With backup proxy for distributed storage in the system,
The backup proxy has data encryption means and a registration table for registering and managing stored data,
The encryption unit encrypts backup data to be stored from the application, divides the encrypted backup data so as to divide a block which is an encryption processing unit, and includes divided data blocks continuously. A data backup system, wherein the divided data is combined, the combination information is recorded in the registration table, and the combined data is distributed and stored in the plurality of data storage service systems. In a data backup system that stores data on a data storage service system operated by a third party,
One or a plurality of servers for generating data to be backed up by an application, a plurality of data storage service systems for storing backup data, and a plurality of data storage services by processing backup data to be stored from the server With backup proxy for distributed storage in the system,
The backup proxy has data encryption means and a registration table for registering and managing stored data,
The encryption unit encrypts each of a plurality of backup data to be stored from one or a plurality of applications, and divides each of the plurality of encrypted backup data so as to divide a block which is an encryption processing unit. , Combined with other backup data so that the divided data blocks of the same backup data are not continuously included, the combination information is recorded in the registration table, and the combined data is stored in the plurality of data storage service systems. A data backup system characterized by distributed storage.   The backup proxy has data recovery means. The data recovery means acquires backup data of a designated application from the plurality of data storage service systems based on the information in the management table, and acquires the acquired data. 3. The data backup system according to claim 1, wherein the data is recovered by reconfiguring the block and decoding the data. In a data backup method for storing data on a data storage service system operated by a third party,
One or a plurality of servers for generating data to be backed up by an application, a plurality of data storage service systems for storing backup data, and a plurality of data storage services by processing backup data to be stored from the server With backup proxy for distributed storage in the system,
The backup proxy has data encryption means and a registration table for registering and managing stored data,
The encryption unit encrypts backup data to be stored from the application, divides the encrypted backup data so as to divide a block which is an encryption processing unit, and includes divided data blocks continuously. A data back method comprising: combining divided data, recording the combination information in the registration table, and distributing and storing the combined data in the plurality of data storage service systems. In a data backup method for storing data on a data storage service system operated by a third party,
One or a plurality of servers for generating data to be backed up by an application, a plurality of data storage service systems for storing backup data, and a plurality of data storage services by processing backup data to be stored from the server With backup proxy for distributed storage in the system,
The backup proxy has data encryption means and a registration table for registering and managing stored data,
The encryption unit encrypts each of a plurality of backup data to be stored from one or a plurality of applications, and divides each of the plurality of encrypted backup data so as to divide a block which is an encryption processing unit. , Combined with other backup data so that the divided data blocks of the same backup data are not continuously included, the combination information is recorded in the registration table, and the combined data is stored in the plurality of data storage service systems. A data backup method characterized by distributed storage.

Images