JP5423118B2 - Data storage system and data storage method - Google Patents

Description

  The present invention relates to a data archiving system and a data archiving method, and more particularly to a technique for archiving archival target files in an electronic device used by a user in a plurality of server devices in order to provide redundancy.

  Today, with the spread of computers, there are increasing opportunities to handle various data files not only in industry but also at home. There are various types of target files, such as document data files, spreadsheet data files, image data files, moving image data files, and music data files. In view of such a technical background, recently, a business of providing a service for storing a data file from a company or an individual via a network and storing it is also widespread. For example, in Patent Document 1 below, in order to safely store a data file deposited from a customer, the data file to be stored is divided and stored in a plurality of different server devices via the Internet. A distributed data archive device is disclosed.

  By using such a data storage service via the Internet, data files can be deposited from anywhere in the world, and data files can be retrieved from anywhere in the world. Extremely high. However, since the file to be stored is a collection of digital data, the risk of data loss is unavoidable regardless of the hardware device used for storage. For this reason, it is important to provide redundancy when storing data files.

  As a method of storing data files with redundancy, the most popular method at present is a method called “mirroring”. In this method, a method is used in which a plurality of identical storage target files are created and stored in duplicate on separate hardware devices. In this case, even if it fails to retrieve the file to be saved from one hardware device, an attempt to retrieve the same file to be saved from the other hardware device becomes possible, and the file to be saved is completely lost. There is very little possibility of it. For example, Patent Document 2 below discloses a system for storing a data file by a mirroring method using a plurality of server devices connected to a network.

Japanese Patent No. 4107370 JP-T-2004-523017

  The usage form in which users store data files stored in electronic devices such as personal computers and mobile phones in some server device using a network such as the Internet will continue to increase. Expected. For example, if the distributed data archive device using the Internet disclosed in the above-mentioned Patent Document 1 is used, a user can deposit data files from anywhere in the world, and data from anywhere in the world. You can retrieve the file. However, in order for a user to retrieve a data file, information (for example, an IP address) that identifies a server device serving as a deposit destination is required. Therefore, in the distributed data archive device, information specifying a server device as a depository is provided to the user as management information. Using this management information, the user can retrieve the stored data file anytime and anywhere.

  In order to provide redundancy to such a distributed data archive device, it is preferable to store the same file to be stored redundantly on a plurality of server devices using the above-described “mirroring” method. For this purpose, first, a plurality of server devices are selected as depositees of files to be stored, and management information (for example, IP addresses) for identifying the selected individual server devices is placed under the management of the user. What is necessary is just to make the electronic device such as a personal computer used perform a depositing process for transmitting the same file to be stored to each individual server device serving as a depositee. Since the management information under the management of the user is information that can identify each of the plurality of server devices that have become depositors, the user uses this management information when necessary, A file to be stored can be retrieved from any server device anytime and anywhere. Moreover, even if removal from one server device fails, it is possible to attempt removal from the other server device using redundancy.

  In this way, if a method of storing data files with redundancy is used, the advantage of reducing the risk of accidental loss of file data can be obtained, but the processing burden of depositing the files to be stored on the server device increases. Is inevitable. For example, if the same storage target file is deposited in two server devices, the storage target file data is transferred from the electronic device used by the user to each of the two server devices via the network. There is a need to transmit, and the communication capacity is doubled to ensure redundancy.

  However, electronic devices used by general users such as individuals and small businesses often do not have so high-performance communication functions and communication environments. For example, although the connection environment to the Internet is now widely spread to ordinary homes, the communication speed and communication capacity are still insufficient. In fact, even today, where broadband communication environments using optical cables and the like are being prepared, communication lines with asymmetric uplink (uplink) and downlink (downlink) speeds are common, and from the user side to the server device side. The communication speed and communication capacity are not sufficient. For this reason, the process of transmitting a large-capacity data file from the electronic device used by the user to the server device places a heavy burden on the communication function and communication environment of the electronic device.

  In addition, portable electronic devices such as notebook computers, mobile phones, and PDA devices provide high convenience to users, but a wireless environment is usually used for communication by such portable electronic devices. . For this reason, in the case of a portable electronic device, it is not possible to desire a high communication capability that can be obtained in a wired environment. Therefore, the process of transmitting a large-capacity data file from the portable electronic device to the server device results in imposing a great burden on the communication function and communication environment of the electronic device.

  Therefore, the present invention can store a file to be stored in an electronic device used by a user in a plurality of server devices in order to ensure redundancy. An object of the present invention is to provide a data storage system capable of suppressing an increase in communication burden.

(1) A first aspect of the present invention provides a data storage system for storing files to be stored with redundancy,
A storage processing device for depositing and extracting files to be stored;
A management information storage device for receiving management information from the storage processing device and storing the management information;
A plurality of server devices connected to each other via a network and connected to a storage processing device via the network;
Composed by
In storage processing equipment,
A server designating unit for designating a direct deposit server and an indirect deposit server from a plurality of server devices as a deposit destination for files to be stored;
Management information that writes direct depositee information that identifies the direct depository server specified by the server designating unit and indirect depositee information that identifies the indirect depository server specified by the server designating unit to the management information storage device as management information A writing unit;
A file depositing unit that sends indirect depository information and files to be stored to a direct depositing server via a network;
A management information reading unit that reads direct depository information or indirect depository information, or both from the management information storage device;
The direct deposit server or the indirect deposit server specified by the information read by the management information reading unit is given a request to retrieve the file to be stored that has been deposited, and returned in response to this request. A file extraction unit for obtaining the stored file,
Provided,
Among the plurality of server devices, at least one is a server device that can be designated as a direct deposit server, and at least one is a server device that can be designated as an indirect deposit server,
Server devices that can be designated as direct deposit servers include
A direct deposit file storage unit for storing files to be stored;
When indirect depositee information and files to be stored are sent from the file deposit department, the files to be stored are directly stored in the deposit file storage section, and the files to be stored are specified by the indirect depositee information via the network. A direct deposit processing unit for forwarding to an indirect deposit server,
In response to a request from the file extraction unit, a direct deposit file return unit that returns a file to be stored stored in the direct deposit file storage unit to the file extraction unit;
Provided,
Server devices that can be designated as indirect depository servers include
An indirect deposit file storage unit for storing files to be stored;
An indirect deposit processing unit for storing the transferred file to be stored in the indirect deposit file storage unit when the file to be stored is transferred from the direct deposit processing unit;
In response to a request from the file extraction unit, an indirect deposit file return unit that returns a file to be stored stored in the indirect deposit file storage unit to the file extraction unit;
Is provided.

(2) According to a second aspect of the present invention, in the data storage system according to the first aspect described above,
Condition that the direct deposit processing unit has successfully received the "indirect depositee information and files to be stored" sent from the file deposit unit and has successfully stored the files to be stored in the direct deposit file storage unit Has a function to send a receipt confirmation to the file depositing department as a transmission source,
When the deposit confirmation is obtained, the file deposit unit presents information indicating that the storage process is completed to the user.

(3) According to a third aspect of the present invention, in the data storage system according to the second aspect described above,
The indirect deposit processing unit becomes a transmission source on condition that the storage target file transferred from the direct deposit processing unit has been successfully received and the storage target file has been stored normally in the indirect deposit file storage unit. It has a function to send a transfer confirmation to the direct deposit processing unit,
The direct deposit processing unit transmits the deposit confirmation on the weighted condition that the transfer confirmation from the indirect deposit processing unit is obtained.

(4) According to a fourth aspect of the present invention, in the data storage system according to the second or third aspect described above,
The file depositing department has a function to report to the management information writing section that the acceptance confirmation has been obtained,
The management information writing unit waits for the report and writes management information.

(5) According to a fifth aspect of the present invention, in the data storage system according to the second to fourth aspects described above,
The file depositing section presents information indicating that the storage process has failed to the user when the deposit confirmation is not obtained within a predetermined time.

(6) According to a sixth aspect of the present invention, in the data storage system according to the second to fourth aspects described above,
When the confirmation of delivery has not arrived at the file depositing unit within a predetermined time, the server designating unit makes a new designation different from the previous one, and the management information writing unit sends the management information based on the new designation to the management information storage device And the file depositing unit transmits the indirect depositee information based on the new designation and the storage target file to the direct depositing server based on the new designation.

(7) According to a seventh aspect of the present invention, in the data storage system according to the first to sixth aspects described above,
The file deposit department completes the process of sending indirect depositee information and files to be stored via the network, and the management information writing section manages the direct depositee information and indirect depositee information as management information. After the process of writing to the information storage device is completed, the process of deleting the written direct depository information and indirect depository information from the storage processing device is performed.

(8) According to an eighth aspect of the present invention, in the data storage system according to the first to seventh aspects described above,
After the direct deposit processing unit completes the process of transferring the file to be stored to the indirect deposit server, the indirect deposit destination information corresponding to the transferred file to be stored is deleted from the direct deposit server. It is a thing.

(9) According to a ninth aspect of the present invention, in the data storage system according to the first to eighth aspects described above,
The management information writing unit has a function of writing management information including bibliographic information for specifying a storage target file,
The management information reading unit uses the bibliographic information to read the management information about the storage target file that the user requests to retrieve.

(10) According to a tenth aspect of the present invention, in the data storage system according to the first to ninth aspects described above,
The file retrieval unit uses either the direct deposit server or the indirect deposit server specified by the information read by the management information read unit as the primary acquisition destination and the other as the secondary acquisition destination. A file retrieval request is given to obtain a file to be stored, and if the acquisition fails, a request to retrieve the file to be saved is given to the secondary acquisition destination to attempt to reacquire the file to be saved. is there.

(11) An eleventh aspect of the present invention is the data storage system according to the above first to tenth aspects,
The file deposit department has performed processing to attach the indirect depository information to the file to be stored, and sent the file to be stored with the indirect depository information attached directly to the depository server via the network. Is.

(12) According to a twelfth aspect of the present invention, in the data storage system according to the first to eleventh aspects described above,
The server designation unit performs a process of selecting a specific server device from a plurality of server devices randomly or for each storage target file based on a predetermined rule set in advance. Based on this, the direct deposit server and the indirect deposit server are designated.

(13) According to a thirteenth aspect of the present invention, in the data storage system according to the first to twelfth aspects described above,
Some or all of the multiple server devices
A combined deposit file storage unit that functions as both a direct deposit file storage unit and an indirect deposit file storage unit;
When both the indirect depository information and the file to be stored are transmitted, the transmitted file to be stored is stored in the dual-purpose deposit file storage unit, and the transmitted file to be stored is indirectly transmitted via the network. It performs the function as the direct deposit processing unit by performing the process of transferring to the indirect deposit server specified by the depository information. When only the file to be stored is transferred, the transferred file to be stored is also used. A combined deposit processing unit that functions as an indirect deposit processing unit by performing processing to store in the deposit file storage unit;
In response to a request from the file extraction unit, the storage target file stored in the dual-purpose deposit file storage unit is returned to the file extraction unit, so that both the direct deposit file return unit and the indirect deposit file return unit are fulfilled. A combined deposit file return section;
And a server device that can be designated as either a direct deposit server or an indirect deposit server.

(14) According to a fourteenth aspect of the present invention, in the data storage system according to the first to thirteenth aspects described above,
The storage processing device is configured as a device incorporated in a part of “a data processing device that incorporates a CPU and a storage device and operates based on an input operation from a user”, and a file stored in the storage device Has a function to perform deposit processing with files to be stored,
The management information storage device is configured by an IC card that is accessed from the data processing device.

(15) According to a fifteenth aspect of the present invention, in the data storage system according to the first to thirteenth aspects described above,
The storage processing device is composed of one computer,
The management information storage device is configured by a magnetic storage device, an optical storage device, or a semiconductor storage device built in or attached to the computer.

(16) According to a sixteenth aspect of the present invention, in the data storage system according to the first to thirteenth aspects described above,
By incorporating a dedicated program into the computer, the computer is made to function as a storage processing device.

(17) According to a seventeenth aspect of the present invention, there is provided a data storage method for storing a file to be stored in a deposit source apparatus with redundancy in another apparatus as a deposit destination.
The depository source device determines the direct depository device and the indirect depository device as different devices as the depository destination, and the direct depositee information that identifies the direct depositor device and the indirect depositee information that identifies the indirect depositor device are specified. The stage of storing in the location of
A stage in which the depositor device sends the indirect depositee information and the file to be stored directly to the depositor;
The direct depositing device stores the transmitted storage target file in the first storage location, and transfers the transmitted storage target file to the indirect depositing device specified by the transmitted indirect depositing destination information. Stages,
The indirect depositing device stores the transferred storage target file in the second storage location;
The file to be stored in the depositor apparatus is stored in both the first storage location and the second storage location.

(18) According to an eighteenth aspect of the present invention, in the data storage method according to the seventeenth aspect described above,
After the depositor device stores the direct depositor information and indirect depositor information on the external device, the direct depositor information and the indirect depositor information are deleted from itself.
The direct depositing device erases the indirect depository information from itself after transferring the storage target file to the indirect depositing device;
Is further performed.

  According to the data storage system and data storage method of the present invention, when a storage target file is transmitted directly from the storage processing apparatus to the depository server, the storage target file is automatically transferred from the direct depository server to the indirect depository server. Is done. For this reason, the storage target file is stored redundantly in both the direct depositing server and the indirect depositing server, and redundancy can be ensured. Moreover, since the transmission from the storage processing device only needs to be transmitted directly to the deposit server, if the storage processing device according to the present invention is incorporated in the electronic device used by the user, duplicate storage is performed. In spite of this, an increase in the communication burden of the electronic device can be suppressed.

It is a block diagram which shows the basic composition of the file storage system using the distributed data archive apparatus proposed conventionally, and the movement form of a file. It is a block diagram which shows the movement form of the file at the time of adopting the general method for ensuring redundancy in the file storage system shown in FIG. It is a block diagram which shows the movement form of the file at the time of adopting the method which concerns on this invention for ensuring redundancy in the file storage system shown in FIG. It is a block diagram which shows the basic composition of the data storage system which concerns on this invention. FIG. 5 is a block diagram showing a flow when a file is taken out in the data storage system shown in FIG. 4. FIG. 5 is a block diagram showing a flow of confirmation information when performing a reporting process when depositing a file in the data storage system shown in FIG. 4. It is a block diagram which shows more practical embodiment of the data storage system which concerns on this invention. It is a block diagram which shows the structural example of the storage processing apparatus and management information storage apparatus in the data storage system which concerns on this invention. It is a block diagram which shows another structural example of the storage processing apparatus and management information storage apparatus in the data storage system which concerns on this invention.

  Hereinafter, the present invention will be described based on the illustrated embodiments.

<<< §1. Configuration of distributed data archive device >>
The present invention was conceived while searching for an efficient method for storing data files with redundancy in the distributed data archive device disclosed in Patent Document 1 described above. Therefore, here, first, the basic configuration of the distributed data archive device that has started the idea will be briefly described.

  FIG. 1 is a block diagram showing a basic configuration of a file storage system using a distributed data archive device disclosed in the above-mentioned Patent Document 1 and a file movement mode. The distributed data archive device 10 can be configured by incorporating a dedicated program into a general electronic device having a communication function connectable to a network such as a personal computer. The IC card 20 is provided in advance to the user of this system. The IC card 20 has a function of storing management information K in response to access from the distributed data archive device 10.

  The distributed data archive device 10 divides the original file F0 into a plurality of divided files Fa to Fc, and these are divided into a plurality of servers that are geographically distributed via a network N (the Internet in the illustrated example). A storage process for transmitting to the devices S1 to S3 and storing, and conversely, a restoration process for retrieving the stored divided files Fa to Fc from the server devices S1 to S3 and combining them to restore the original file F0; It has a function to perform.

  Actually, the distributed data archive device 10 also has a function of encrypting and decrypting files. During the storage process, the divided files Fa to Fc are encrypted and then each server device S1. To S3. Therefore, the divided files Fa to Fc stored in the server apparatuses S1 to S3 are encrypted files. On the other hand, in the restoration process, the encrypted divided files Fa to Fc are decrypted, and the original file F0 is restored.

  The management information K stored in the IC card 20 includes information indicating a division method and an encryption method applied to the original file F0, and information indicating a server device that is a deposit destination of each of the divided files Fa to Fc. , Is composed of. The example shown in the figure is an example in which the original file F0 is divided into three to generate three divided files Fa to Fc, but the number of divisions and division rules are arbitrary. The information indicating the division method “has been done” is stored as management information K in the IC card 20. Similarly, the encryption method is arbitrary, and information indicating the encryption method “what encryption key is used and what algorithm is used for encryption” is used as the management information K as the IC card 20. Stored in.

  Furthermore, information indicating the deposit destination of each divided file is stored as management information K in the IC card 20. In the case of the illustrated example, the information of the depositee that “the depository of the divided file Fa is the server device S1, the depository of the divided file Fb is the server device S2, and the depository of the divided file Fc is the server device S3” is management information. Stored as K. Eventually, in the case of the illustrated example, the information indicating the division method, the encryption method, and the depositee is stored in the IC card 20 during the storage process as the management information K related to the storage of the original file F0.

  As described above, the management information K stored in the IC card 20 is information that gives a clue as to “how the original file F0 was divided, how it was encrypted, and where each divided file was deposited”. Yes, this is essential information for taking out the original file F0. During the restoration process, the distributed data archive device 10 restores the original file F0 based on this management information K. That is, based on the information indicating the entrustment destination, the divided files Fa, Fb, Fc required for restoration are taken out from the server apparatuses S1, S2, S3 that are the entrustment destinations, and based on the information indicating the encryption method. The original file F0 can be restored by performing the decryption process by the reverse logical process and performing the composite process by the reverse process based on the information indicating the division method.

  A significant advantage of this system is that the original file F0 can be taken in and out (stored in the server device and taken out) anytime and anywhere. For example, if the distributed data archiving apparatus 10 is composed of a portable computer such as a notebook computer, and the portable data archive device 10 is carried, a file can be taken in and out anytime and anywhere as long as there is a connection environment to the Internet N. Become. However, the management information K in the IC card 20 is necessary for taking out the file. In other words, if the user carries only the IC card 20 in which the management information K is stored, the file can be taken in and out at any place where the distributed data archive device 10 is installed. For example, if a personal computer functioning as the distributed data archiving apparatus 10 is installed at airports, stations, hotels, etc. around the world, a user can carry out a file at various locations around the world if only the IC card 20 is carried. Can be taken in and out.

  An attendant advantage of this system is that sufficient security is ensured for stored data files. For example, in the case of the illustrated example, the server devices S1 to S3 are all file servers that are accessed from the outside via the Internet N, and thus may be damaged by hacking. However, even if the divided file Fa is in the hands of an unauthorized person due to hacking, the original file F0 cannot be restored by itself. To restore the original file F0, it is necessary to obtain the other divided files Fb and Fc. However, the storage location of these files cannot be known unless the management information K is obtained. First of all, unless the management information K is obtained, the fact that the original file F0 has been divided into three files Fa, Fb, Fc cannot be recognized, and since the encryption method is unknown, these divided files are illegally obtained. Even if it does, it cannot be decoded correctly. Therefore, even if the server apparatuses S1 to S3 are in an environment accessed by the Internet N, the possibility that the original file F0 is illegally obtained is extremely low, and sufficient security is maintained.

  Here, an example in which the management information K is stored in the IC card 20 has been described, but instead of storing the management information K directly in the IC card, the management information K is stored in another storage location (for example, another storage location). Information for obtaining the management information K (for example, the URL of the other server device) may be stored in the IC card 20. In this case, during the storage process, the distributed data archive device 10 performs a process of storing the management information K in a predetermined location, and writes information indicating the location in the IC card 20. On the other hand, at the time of the restoration process, the distributed data archive device 10 may read the information indicating the storage location of the management information K from the IC card 20, read the management information K from the storage location, and then perform the restoration process. .

<<< §2. Application of the present invention to a distributed data archive device >>
The distributed data archiving apparatus described in §1 is a technology developed with the operation of a commercial service in which data files are deposited from contracted users via the Internet. In providing such a commercial service, it is essential to maintain not only security but also reliability of data restoration. For example, in the example shown in FIG. 1, when a problem occurs in the server device S1 and the divided file Fa is lost, the original file F0 can no longer be restored. Therefore, in practice, it is preferable to store each of the divided files Fa, Fb, and Fc with redundancy.

  FIG. 2 is a block diagram showing a file movement mode when a general method (mirroring) for ensuring redundancy is adopted in the file storage system shown in FIG. In this example, each divided file Fa, Fb, Fc is transmitted to and stored in two different server devices, and the same file is always stored in two different locations. Specifically, the divided file Fa is stored in the server devices S1 and S3, the divided file Fb is stored in the server devices S2 and S1, and the divided file Fc is stored in the server devices S3 and S2. For this reason, the deposit destination of each divided file in the management information K in the IC card 20 also indicates two server devices.

  By adopting such a “mirroring” method, redundancy is added to the file to be stored, so that the possibility that the original file can be restored increases even if a failure occurs in the server device. For example, in the example shown in FIG. 2, even if a failure occurs in the server device S1 and the divided files Fa and Fb are lost, these divided files are stored in the other server devices S2 and S3. Therefore, the original file F0 can be restored without hindrance.

  However, when the method shown in FIG. 2 is adopted as a means for ensuring redundancy, it is inevitable that the work load of the storage processing of the divided files Fa, Fb, and Fc increases. As in the example shown in FIG. 2, when the individual divided files Fa, Fb, Fc are transmitted from the distributed data archive device 10 to two server devices, respectively, the transmission data capacity from the distributed data archive device 10 Increases twice as compared with the example shown in FIG.

  Here, if the distributed data archive device 10 is a computer having a high-speed communication environment with respect to the Internet (for example, a desktop computer directly connected to a communication line using an optical fiber), the communication capacity is high. The increase will not be a big problem. However, it is difficult to expect high-performance communication functions and communication environments for electronic devices used by general users such as individuals and small businesses. In the case of portable electronic devices such as notebook computers, mobile phones, and PDA devices, it is common to connect to the Internet using wireless communication. When the apparatus 10 is configured, an increase in transmission data capacity results in a heavy burden on the communication function.

  In view of such circumstances, the present invention can store a file to be stored in an electronic device used by a user in a plurality of server devices in order to ensure redundancy, In addition, a new technique for reducing the communication burden of the electronic device is proposed. Hereinafter, an example in which the present invention is applied to a file storage system using the distributed data archive apparatus shown in FIG. 1 will be described.

  FIG. 3 is a block diagram showing a file transfer mode when the method according to the present invention for ensuring redundancy is adopted in the file storage system shown in FIG. In the case of the example shown in FIG. 3, as in the example shown in FIG. 1, each divided file Fa, Fb, Fc is transmitted from the distributed data archive device 10 to only one server device. That is, as indicated by the solid line in the figure, the divided file Fa is transmitted to the server apparatus S1, the divided file Fb is transmitted to the server apparatus S2, and the divided file Fc is transmitted to the server apparatus S3 and stored therein.

  As described above, in the example illustrated in FIG. 3, the divided files Fa, Fb, and Fc are directly transmitted from the distributed data archive device 10 to each of the server devices S1, S2, and S3. However, not only direct file transmission from the distributed data archive device 10 is performed to each of the server devices S1, S2, and S3, but file transfer from another server device is also performed. The broken line in the figure shows such a file transfer route. Specifically, the server apparatus S1 transfers the received divided file Fa to the server apparatus S3 via the network N, and the server apparatus S2 transfers the received divided file Fb to the server apparatus S1 via the network N. Then, the server apparatus S3 transfers the received divided file Fc to the server apparatus S2 via the network N.

  As described above, in order to cause each server device to perform file transfer, it is necessary to notify transfer destination information for specifying another server device as a transfer destination. In FIG. 3, symbols “S3”, “S1”, and “S2” are attached to the divided files Fa, Fb, and Fc in the distributed data archive device 10, respectively. This is transfer destination information transmitted together with the divided file.

  The distributed data archiving apparatus 10 shown in FIG. 3 designates two server apparatuses as depositees of each divided file after creating the divided files Fa, Fb, and Fc. Here, one designated server device is referred to as a direct deposit destination, and the other server device is referred to as an indirect deposit destination. In the case of the illustrated example, the direct deposit destination S1 and the indirect deposit destination S3 are designated for the divided file Fa, the direct deposit destination S2 and the indirect deposit destination S1 are designated for the divided file Fb, and the divided file Fc The direct depositor S3 and the indirect depositor S2 are designated.

  It should be noted that it is possible to determine which server device is designated as a direct depositee and which server device is designated as an indirect depositee from among a plurality of server devices by various algorithms. For example, using random numbers, it is possible to randomly select server devices that are direct depositors and indirect depositors each time for each file to be stored, or to a predetermined rule set in advance. It is also possible to select based on. Of course, the administrator may set a specific server device as a direct deposit destination and an indirect deposit destination in advance, and the designation based on the setting may be performed. Also, for example, seven server devices that can be designated as direct depositees are prepared, and seven server devices that can be designated as indirect depositors are also prepared. If a rule “designate as a depository” is established, designation based on such a rule becomes possible. In the known mirroring technique, various algorithms for increasing redundancy are known, and therefore, a description of a specific algorithm for designating the depositee is omitted here.

  When the distributed data archiving apparatus 10 determines the direct deposit destination and the indirect deposit destination for each divided file in this way, information for identifying the indirect deposit destination together with the divided file (hereinafter referred to as indirect deposit destination information). ) May be directly transmitted to the server device serving as the depository. The transfer destination information “S3”, “S1”, “S2” shown in the figure is nothing but this indirect depositee information.

  That is, in the case of the illustrated example, the distributed data archive device 10 attaches the indirect depositee information “S3” to the divided file Fa, and transmits this to the server device S1 that is the direct depositee, and the divided file Fb. The indirect depositee information “S1” is attached to the server device S2 which is the direct depositee, and the indirect depositee information “S2” is attached to the divided file Fc. The process of transmitting to the server device S3 is performed.

  In the following examples, indirect depository information is attached to a file to be stored (combined with a file) and sent in the form of “file to be stored with indirect depository information”. In carrying out the invention, it is sufficient that the indirect depositee information and the storage target file can be transmitted in a format in which the correspondence between the two can be recognized, and it is not always necessary to transmit them together in one file.

  For example, in the example shown in FIG. 3, the transfer destination information “S3” is attached to the divided file Fa and is transmitted to the server device S1 as the attached information of the divided file Fa. S3 "and the divided file Fa may be transmitted separately. However, when transmitting separately, the reception at the server device S1 is also performed separately, so that the server device S1 side can recognize that both are compatible (for example, transfer destination information “S3 It is necessary to devise such as adding information such as the file name of the corresponding divided file Fa).

  On each server device side, when the storage target file to which the indirect depositee information is attached is transmitted from the distributed data archive device 10 (or the storage target file associated with each other and the indirect depository information are separated from each other). And the storage target file is specified by the attached indirect depository information (or the corresponding indirect depository information sent separately). Transfer to another server device. Further, each server device stores only the file to be stored from another server device (when indirect depositee information is not attached or sent separately) and stores it in itself. Process.

  After all, in the example shown in FIG. 3, the server device S1 receives the divided file Fa to which the indirect depositee information “S3” is attached, performs a process of storing the file Fa in itself, and at the same time the divided file Fa. Is transferred to the server device S3 specified by the indirect depositee information “S3”. The server device S3 stores the transferred divided file Fa in itself. Similarly, the server device S2 receives the divided file Fb to which the indirect depositee information “S1” is attached, performs processing for storing the file Fb in itself, and stores the divided file Fb in the indirect depositee information “S1”. ”Is transferred to the server device S1 specified by“. The server apparatus S1 stores the transferred divided file Fb in itself. In addition, the server device S3 receives the divided file Fc to which the indirect depositee information “S2” is attached, performs a process of storing the file Fc in itself, and stores the divided file Fc in the indirect depositee information “S2”. The process of transferring to the server apparatus S2 specified in (1) is performed. The server device S2 stores the transferred divided file Fc in itself.

  Thus, the divided files Fa and Fb are stored in the server device S1, the divided files Fb and Fc are stored in the server device S2, and the divided files Fc and Fa are stored in the server device S3. This storage state is exactly the same as in the example shown in FIG. 2, and the individual divided files Fa, Fb, and Fc are mirrored to ensure redundancy by redundant storage. In addition, the management information K in the IC card 20 includes information on both direct depositors and indirect depositors as depositors for each divided file. This point is also the example shown in FIG. Exactly the same. Therefore, in the unlikely event that an accident occurs in which a data file stored in one of the server devices is lost, a file having the same contents stored redundantly in another server device can be substituted. Thus, the reliability of data retrieval can be improved.

  The point to be noted here is that the transmission data capacity from the distributed data archive device 10 is almost the same as the example shown in FIG. Of course, in the case of the example shown in FIG. 3, the indirect depositee information “S3”, “S1”, and “S2” are attached to each of the divided files Fa, Fb, and Fc. Compared to the above, the transmission data capacity is slightly increased. However, since the indirect depositee information is information (for example, the URL of the server device) for specifying the server device that is the indirect depositee, the data capacity is very small. Therefore, in the example shown in FIG. 3, compared with the example shown in FIG. 1, there is practically no increase in the burden of the communication function of the distributed data archive device 10. This is a great merit compared to the example shown in FIG.

  As already described, the communication functions and communication environments of electronic devices used by general users are never sufficient, and it is preferable to suppress the transmission data capacity as much as possible. According to the present invention, it is possible to obtain the merit of keeping the transmission data capacity from the electronic device used by the user low while ensuring the redundancy in storing the data file. Actually, the electronic device used by the user is released from the file storage work when the file transmission to the direct depositee is completed.

  Of course, in the case of the example shown in FIG. 3, the division file is transferred from each server device designated as the direct deposit destination to each server device designated as the indirect deposit destination (route indicated by a broken line in the figure). The amount of information flowing through the network N itself is not saved. However, the server devices S <b> 1 to S <b> 3 are dedicated server computers installed to play a role of storing files, and have a sufficient communication function via the network N. In practice, a computer having a communication environment directly connected to the Internet via an optical fiber is generally used as each of the server devices S1 to S3, and has the ability to send and receive large-capacity data files at high speed. Yes. Therefore, the transfer process of the data file between the server apparatuses is not so much burden.

  Further, the file transfer process from the direct depository to the indirect depositor does not necessarily need to be performed in real time, and there is no problem even if it is executed as a so-called batch process with some time delay. Therefore, it is possible to avoid the time zone in which the traffic between the server apparatuses is congested and perform the file transfer process in an available time zone.

  The embodiment in which the present invention is applied to the distributed data archive apparatus 10 shown in FIG. 1 has been described above. However, the present invention is not limited to application to the distributed data archive apparatus. The basic concept of the present invention is to store files to be stored (in the case of FIG. 3, the divided files Fa, Fb, Fc) in the depository source device (in the case of the distributed data archive device 10 in the case of FIG. 3) as the depository destination. In the data archiving method in which redundancy is stored in another device (server devices S1, S2, S3 in the case of the example in FIG. 3), the following steps are executed.

  First, as the first stage, the depositor device determines the direct depositor device and the indirect depositor device as another device to be the depositee, and specifies the direct depositor information and the indirect depositor device that specify the direct depositor device. A process of storing indirect depository information in a predetermined location is performed. In the case of the example shown in FIG. 3, if the divided file Fa is focused on as the storage target file, for example, the server device S1 is determined as the direct deposit device and the server device S3 is determined as the indirect deposit device. Direct depositee information S1 and indirect depositee information S3 indicating the destination are stored in the IC card 20 as management information K.

  In the subsequent second stage, the depositor apparatus performs a process of transmitting the storage target file attached with the indirect depositee information directly to the depositor apparatus. For example, the divided file Fa serving as a storage target file is attached with indirect depositee information “S3” and transmitted to the server device S1 serving as a direct deposit device.

  In the third stage, the direct depositing device stores the transmitted storage target file in the first storage location, and specifies the transmitted storage target file by the attached indirect depositee information. Process to transfer to the indirect depository device. For example, if attention is paid to the divided file Fa, the server device S1, which is a direct depositing device for the divided file Fa, first stores the transmitted divided file Fa in the first storage location (ie, the server device S1). Stored in a storage location such as a magnetic disk). Further, the server device S1 performs a process of transferring the transmitted divided file Fa to the indirect depositing device specified by the attached indirect depositing destination information “S3”, that is, the server device S3.

  Finally, as a fourth stage, the indirect depositing apparatus performs a process of storing the transferred storage target file in the second storage location. For example, if attention is paid to the divided file Fa, the server device S3, which is an indirect depositor for the divided file Fa, stores the transferred divided file Fa in the second storage location (ie, the server device S3). The data is stored in a storage location such as a magnetic disk.

  By executing such a series of steps, it becomes possible to store the file to be stored in the depositor apparatus in both the first storage location and the second storage location. Of course, the first storage location may be any location as long as it is accessible by the direct depositing device, and the second storage location is any location as long as it is accessible by the indirect depositing device. Good. Accordingly, each server device does not necessarily store the file to be stored on a built-in magnetic disk or the like, and may store the file on a magnetic disk or the like connected to the outside.

  For practical purposes, the depositor device stores the direct depositor information and indirect depositor information in the external device, and then executes the step of erasing the direct depositor information and indirect depositor information from itself. Preferably, the direct depositing device executes the step of deleting the indirect depositee information from itself after transferring the storage target file to the indirect depositing device.

  For example, in the example shown in FIG. 3, the distributed data archive device 10 functioning as a depositor device stores direct depositee information and indirect depositee information as management information K in the IC card 20 that is an external device. After that, it is sufficient to execute a process of deleting these pieces of information from itself. Specifically, for the divided file Fa, direct depositee information and indirect depositee information “S1 & S3” are written to the IC card 20 as management information K. Such information does not remain in the device 10. Further, the server device S1 that functions as a direct depositing device for the divided file Fa transfers the divided file Fa to be stored to the server device S3 that functions as an indirect depositing device, and then from the indirect depositing destination information “S3” itself. "Can be deleted.

  If such an erasing process is executed, the information indicating “deposit destination” for each file to be stored is stored only as management information K in the IC card 20. In other words, the “deposit destination” for each file to be stored both in the distributed data archive device 10 functioning as the deposit source apparatus and in the individual server apparatuses S1 to S3 functioning as the deposit destinations. (S1 to S3 shown in the ellipse in FIG. 3) that does not remain. This is useful for improving security when hacked.

  For example, in the example shown in FIG. 3, if the indirect depositee information “S3” attached to the divided file Fa remains in the server device S1, the divided file Fa will be displayed when the server device S1 is hacked. In addition to the unauthorized person, the indirect depositee information “S3” is also transferred to the unauthorized person. As a result, there is a possibility that the server device S3 will suffer hacking damage. If the server device S3 is hacked, the divided file Fc is in the hands of an unauthorized person and the indirect depositee information “S2” is also in the hands of an unauthorized person. As a result, there is a possibility that the server apparatus S2 will suffer hacking damage in the future, and eventually, the divided file Fa, Fc, Fb will fall into the hands of the unauthorized person, and the original file F0. Will be more likely to be illegally restored. If the erasing process described above is executed, such damage can be prevented in advance.

<<< §3. Basic configuration of data storage system according to the present invention >>
In §2, an embodiment in which the present invention is applied to the distributed data archive device described in §1 is described. Here, an embodiment in which the present invention is applied to a more general data storage system will be described, and basic components and operations necessary to implement the present invention will be described.

  FIG. 4 is a block diagram showing the basic configuration of the data storage system according to the present invention. This system is a system for storing a storage target file F (corresponding to the divided files Fa, Fb, or Fc shown in FIG. 3) with redundancy, and as shown in FIG. Are connected to each other via a network N (in this example, the Internet), a storage processing device 100 that performs the storage, a management information storage device 200 that receives the access from the storage processing device 100 and stores management information M, and , And a plurality of server devices 300 and 400 connected to the storage processing device 100 via the network N.

  Here, for convenience of explanation, a system with a minimum configuration using two server apparatuses 300 and 400 is illustrated, but in practice, it is preferable to use a larger number of server apparatuses. In the case of the illustrated example, the server device 300 is a direct deposit server that functions as a direct deposit device, and the server device 400 is an indirect deposit server that functions as an indirect deposit device. In the data storage system according to the present invention, at least one of the plurality of server devices is a server device that can be designated as a direct deposit server, and at least one of the server devices needs to be a server device that can be designated as an indirect deposit server. .

  The storage processing apparatus 100 is a component having a server designating unit 110, a file depositing unit 120, a file extracting unit 130, a management information writing unit 140, and a management information reading unit 150, as illustrated.

  Here, the server designating unit 110 has a function of designating a direct deposit server and an indirect deposit server as a deposit destination of the storage target file F from a plurality of server devices that are components of the system. doing. As described above, the system shown in FIG. 4 is a system having a minimum configuration including one server device 300 that can be designated as a direct deposit server and one server device 400 that can be designated as an indirect deposit server. Therefore, the server designating unit 110 always performs a process of designating the server device 300 as a direct deposit server and designating the server device 400 as an indirect deposit server.

  However, in practice, as described above, a system including a large number of server devices is constructed. In this case, the server specifying unit 110 is provided with a list of these many server devices (a list including information indicating whether it can be specified as a direct depositing server or an indirect depositing server if necessary) Based on a predetermined algorithm, a process of selecting a direct deposit server and an indirect deposit server for each protection target file F is performed. For example, in the embodiment described in §2, the divided files Fa, Fb, and Fc are preferably distributed and stored in different server devices in order to improve security. In such a case, different server apparatuses are designated as the direct deposit server and the indirect deposit server for the divided files Fa, Fb, and Fc.

  The management information writing unit 140 includes direct depositee information D that specifies the direct deposit server designated by the server designating unit 110 and indirect depositee information I that identifies the indirect deposit server designated by the server designating unit 110. The management information storage device 200 is written as management information M. As described above, in practice, since different direct depositee information D and indirect depositee information I are designated for each individual file to be stored, the management information writing unit 140 stores the file F to be stored. Management information M including bibliographic information B (for example, a file name) for identifying the file is written.

  FIG. 4 shows bibliographic information B indicating the file name of the storage target file F (which may include the data capacity, the user ID or password of the depositor, if necessary), and direct depositee information. D (information such as a URL for specifying the server device 300 in this example) and indirect depositee information I (information such as a URL for specifying the server device 400 in this example) are managed. Information M is written in the management information storage device 200.

  The file depositing unit 120 associates the storage target file F with the indirect depositee information I, and designates the destination indicated by the direct depositee information D via the network N (in the example shown, designated as a direct deposit server). Process (depositing process indicated by a solid arrow route in the figure) is performed. As described above, the storage target file F and the indirect depositee information I can be transmitted separately as long as they are associated with each other. However, in the embodiment described here, the file depositing unit 120 performs processing for attaching the indirect depositee information I to the file F to be stored (the indirect depositee information I is configured with a code serving as a delimiter). The data to be stored may be added to the data to be the storage target file F), and the “storage target file F attached with the indirect depositee information I” is sent to the destination indicated by the direct depositee information D via the network N. Process to send to.

  On the other hand, the management information reading unit 150 performs a process of reading the management information M from the management information storage device 200. More specifically, the direct depositee information D or indirect depositee information I in the management information M, or both are read out. In the example shown here, the management information M is stored for each individual file F to be stored, and includes bibliographic information B indicating the file name. Therefore, the management information reading unit 150 uses the bibliographic information to read the management information M for the storage target file that the user requests to retrieve. For example, when the user makes a retrieval request for a specific storage target file F, the management information M including the bibliographic information B having the file name of the file F is searched, and the management information M is directly searched for. The depository information D, the indirect depository information I, or both are read out.

  The file extraction unit 130 gives a request to extract the storage target file that has been deposited to the direct deposit server or the indirect deposit server specified by the information read by the management information read unit 150, or both, The storage target file returned in response to this request is acquired and provided to the user.

  Next, the configuration of the server device 300 will be described. As described above, this server device 300 is a server device that can be designated as a direct deposit server, and includes a direct deposit processing unit 310, a direct deposit file return unit 320, and a direct deposit file storage unit 330.

  The direct deposit processing unit 310 is a component that functions when a user performs a file deposit process. From the file deposit unit 120 in the storage processing apparatus 100, the “indirect depositee information I is received via the network N”. When “attached storage target file F” is transmitted (in the case of transmitting the indirect depositee information I and the storage target file F separately, both of them in correspondence are transmitted) 2) The following two processes are executed. The first process is a process for storing the transmitted storage target file F directly in the deposit file storage unit 330. In the second process, the transmitted storage target file F is designated as an indirect deposit server specified by the indirect deposit destination information I via the network N (in the example shown, it is designated as an indirect deposit server). This is a process of transferring the server apparatus 400 as a destination (transfer process indicated by a broken-line arrow route in the figure).

  On the other hand, the direct deposit file return unit 320 is a component that functions when a user performs a file extraction process, and a request to extract a specific storage target file is given from the file extraction unit 130 in the storage processing apparatus 100. In response to the retrieval request, the specific storage target file F stored in the direct deposit file storage unit 330 is sent back to the file extraction unit 130 via the network N (indicated by a one-dot chain line in the figure). (Extraction process indicated by the arrow route) is executed.

  The direct deposit file storage unit 330 is a component for storing the storage target file F, and fulfills the function of storing the storage target file F delivered by the storage processing by the direct deposit processing unit 310. The storage target file F stored in the direct deposit file storage unit 330 in this way is read by the direct deposit file return unit 320 as necessary, and is returned to the file extraction unit 130 as described above.

  Finally, the configuration of the server device 400 will be described. As described above, the server device 400 is a server device that can be designated as an indirect deposit server, and includes an indirect deposit processing unit 410, an indirect deposit file return unit 420, and an indirect deposit file storage unit 430.

  The indirect deposit processing unit 410 is a component that functions when the user performs a file deposit process, and the storage target file F is transferred from the direct deposit processing unit 310 in the direct deposit server 300 via the network N. When it has been received, a process for storing the transferred storage target file F in the indirect deposit file storage unit 430 is executed.

  On the other hand, the indirect deposit file return unit 420 is a component that functions when a user performs a file extraction process, and receives a request to extract a specific storage target file from the file extraction unit 130 in the storage processing apparatus 100. In response to the retrieval request, the specific storage target file F stored in the indirect deposit file storage unit 430 is returned to the file extraction unit 130 via the network N (the dashed line in the figure) (Extraction process indicated by the route) is executed.

  The indirect deposit file storage unit 430 is a component for storing the storage target file F, and has a function of storing the storage target file F delivered by the storage processing by the indirect deposit processing unit 410. The storage target file F stored in the indirect deposit file storage unit 430 is read by the indirect deposit file return unit 420 as necessary, and is returned to the file extraction unit 130 as described above.

  The configuration of the data storage system according to the embodiment of the present invention has been described above with reference to the block diagram of FIG. 4. However, in practice, each component illustrated in FIG. 4 is configured by an electronic device such as a computer. can do. For example, the storage processing device 100 is configured by an electronic device such as a personal computer, a mobile phone, and a PDA device, and the management information storage device 200 is configured by a storage device such as an IC card that is accessed by such an electronic device. In this case, the management information writing unit 140 and the management information reading unit 150 are configured by hardware or software for writing to and reading from the storage device. Similarly, the file depositing unit 120 and the file extracting unit 130 are configured by hardware or software having a communication function for the network N. The server specifying unit 110 is configured by dedicated software incorporated in the electronic device.

  On the other hand, the server apparatus 300 and the server apparatus 400 can be configured by a server computer generally called a data server apparatus or a file server apparatus. The direct deposit file storage unit 330 and the indirect deposit file storage unit 430 can usually be configured by a hard disk storage device. Of course, as the file storage units 330 and 430, any device may be used as long as it has a function of storing data, such as an optical disk storage device, a magnetic tape storage device, and a semiconductor memory storage device. . In the illustrated example, the file storage units 330 and 430 are incorporated in the server apparatuses 300 and 400. However, the file storage units 330 and 430 are external to the server apparatuses 300 and 400. You may comprise by the hard disk storage device etc. which were connected to. The server device referred to in the present invention is a concept including such an external device.

  The direct deposit processing unit 310 and the indirect deposit processing unit 410 perform a function of storing the data file received via the network N in the file storage units 330 and 430, and the direct deposit file return unit 320 and the indirect deposit file return unit 420. Fulfills the function of reading a specific file requested via the network N from the file storage units 330 and 430 and transmitting it. Such a data file transmission / reception function and a writing / reading function are basic functions that a typical server device has as standard. Therefore, as the indirect deposit server 400, a normal file server device that has been generally used can be used as it is.

  On the other hand, the direct deposit server 300 can be basically constructed using a normal file server device that has been generally used, but the transfer processing function of the direct deposit processing unit 310 is as follows. Since this is a function unique to the present invention, it is necessary to newly incorporate it. That is, when a “storage target file F” is transmitted via the network N, the process of storing this in the file storage unit 330 is a basic function provided in a normal file server device. When “indirect depositee information I” is attached to “storage target file F” (in the case of an embodiment in which indirect depositee information I and storage target file F are transmitted separately, there is a correspondence relationship. The processing function of transferring the “storage target file F” to another server device specified by the “indirect depositee information I” is a function unique to the present invention when both are transmitted). Need to be newly incorporated.

  After all, when constructing the data storage system according to the present invention, a server device that can be designated as an indirect deposit server can be configured by using a normal file server device that has been generally used conventionally. On the other hand, a server device that can be designated as a direct deposit server sends “storage target file F with indirect depositee information I attached” to a normal file server device that is generally used conventionally. (In the case of the embodiment in which the indirect depositee information I and the storage target file F are transmitted separately), the “storage target file F” is referred to as “storage target file F”. , Can be configured by incorporating a dedicated program for performing a process of transferring to “another server device specified by the indirect depositee information I” via the network N (the direct deposit server is, of course, It becomes a server device that can also be specified as an indirect depository server).

  In FIG. 4, the lines connecting the server apparatuses 300 and 400 and the network N are drawn thicker than the lines connecting the storage processing apparatus 100 and the network N as described in §2. In addition, the server devices 300 and 400 are intended to clearly show that the server devices 300 and 400 have higher-performance communication functions and communication environments than the electronic devices (storage processing device 100) used by general users. Since the transfer process indicated by the broken line in the figure is a data transmission process that has undergone such a high-performance communication function and communication environment, it does not impose a particularly large burden on the server apparatuses 300 and 400.

  Next, using the data storage system shown in FIG. 4, the specific data flow when the user performs the operation of depositing the storage target file F and the specific data when the user performs the extraction operation. The flow will be described.

  First, consider a case where the user performs an operation for depositing the storage target file F to the storage processing apparatus 100. In this case, first, the server specifying unit 110 specifies the direct deposit server 300 and the indirect deposit server 400 as the servers that are the deposit destinations of the storage target file F. Since the illustrated example is a minimum configuration system including only two server devices 300 and 400, the server device 300 is designated as a direct deposit server and the server device 400 is designated as an indirect deposit server. Actually, a direct deposit server and an indirect deposit server for the file F to be stored are designated by a predetermined algorithm from a plurality of server devices (for example, designation based on random selection using random numbers, management Designation based on rules predetermined by the person).

  The management information writing unit 140 performs a process of storing the designation result by the server designation unit 110 in the management information storage device 200 as management information M. Specifically, bibliographic information B (for example, file name) that specifies the storage target file F, direct deposit destination information D (for example, URL of the server apparatus 300) that identifies the direct deposit server 300, and indirect deposit server 400 And the indirect depositee information I (for example, the URL of the server device 400) for specifying the management information M.

  On the other hand, the file depositing unit 120 performs processing for attaching the indirect depositee information I to the storage target file F. For example, a composite file “F + I” may be created by adding the second data constituting the indirect depositee information I to the end of the first data constituting the storage target file F. Practically, data that becomes some kind of delimiter (separator) is inserted between the first data and the second data, or data indicating the capacity value of the first data is arranged in the header portion, etc. Therefore, it is necessary to make it possible to recognize two pieces of data independently based on the composite file. As described above, the indirect depositee information I and the storage target file F may be transmitted separately in a format in which the mutual correspondence is maintained.

  Subsequently, the file depositing unit 120 performs processing for transmitting the composite file “F + I” to the destination indicated by the direct depositee information D. In the case of the illustrated example, the composite file “F + I” is transmitted directly to the deposit server 300 by the file deposit unit 120. Such transmission processing can be executed by using a general file transmission technique using a transmission protocol such as FTP, for example.

  The server apparatus 300 that has received the composite file “F + I” executes the following processing. First, the direct deposit processing unit 310 recognizes the storage target file F and the indirect depositee information I from the composite file “F + I”, and the storage target file F is directly stored in the direct deposit file storage unit 330. Further, the direct deposit processing unit 310 transfers the storage target file F to the indirect deposit server indicated by the indirect deposit destination information I, that is, the server device 400. Such a transfer process can be executed using a general file transmission technique using a transmission protocol such as FTP, for example.

  The server apparatus 400 that has received the storage target file F transferred in this way executes the following processing. That is, the indirect deposit processing unit 410 stores the received storage target file F in the indirect deposit file storage unit 430 as it is.

  Through the above processing, the storage target file F is stored in both the server apparatuses 300 and 400. For this reason, even if an accident occurs in which the storage target file F is lost from any one of the server devices, redundancy is obtained that enables the file to be extracted. Moreover, since the data capacity transmitted from the storage processing apparatus 100 to the network N is almost the same as the data capacity of the storage target file F (the data capacity of the indirect depositee information I is extremely small), the storage processing apparatus 100 The communication burden is light.

  Next, consider a case where the user performs an operation of taking out the storage target file F to the storage processing apparatus 100. In this case, first, the management information reading unit 150 reads the management information M for the storage target file F from the management information storage device 200. Specifically, for example, the management information M having the bibliographic information B including the file name of the storage target file F may be searched and read. Alternatively, if an operation is performed in which the file name of the storage target file F is included in a part of the file name of the management information M, the target management information M can be searched by the file name.

  Since the file extraction unit 130 can recognize that the direct deposit server 300 is a deposit destination by using the direct deposit destination information D included in the management information M read by the management information reading unit 150. In addition, it is possible to make a request for taking out the storage target file F to the direct deposit server 300. In this case, the direct deposit file return unit 320 that has received the request reads out the storage target file F stored in the direct deposit file storage unit 330 and returns it to the file extraction unit 130 via the network N. It will be. Such extraction processing can also be executed using a general file transmission technique using a transmission protocol such as FTP.

  Of course, the file extraction unit 130 can also recognize that the indirect deposit server 400 is a deposit destination by using the indirect deposit destination information I instead of the direct deposit destination information D. Therefore, it is possible to make a request for retrieving the storage target file F to the indirect deposit server 400. In this case, the indirect deposit file return unit 420 that has received the request reads the storage target file F stored in the indirect deposit file storage unit 430 and returns it to the file extraction unit 130 via the network N. It will be. Such extraction processing can also be executed using a general file transmission technique using a transmission protocol such as FTP.

  As described above, the storage target file F can be taken out directly from the depository server 300 or from the indirect depository server 400, but in practice it is sufficient to extract it from either one. Therefore, in practice, the file extraction unit 130 uses either the direct deposit server 300 or the indirect deposit server 400 specified by the information read by the management information reading unit 150 as a main acquisition destination and the other as a sub acquisition destination. First, a request to retrieve the storage target file F is given to the main acquisition destination to acquire the storage target file F, and if acquisition fails, a request to retrieve the storage target file F is given to the secondary acquisition destination What is necessary is just to try re-acquisition of the file F to be stored.

  FIG. 5 is a block diagram showing a flow when the storage target file F is taken out by such a procedure. In this example, the direct deposit server 300 (the server device specified by the direct deposit destination information D) is the main acquisition destination, and the indirect deposit server 400 (the server device specified by the indirect deposit destination information I) is the secondary acquisition destination. . For this reason, the file extraction unit 130 first gives a request to extract the storage target file F to the direct deposit server 300 that is the main acquisition destination, and tries to acquire the storage target file F main. If the server apparatus 300 is functioning normally, the storage file F should be returned by the direct deposit file return unit 320.

  However, if any abnormality occurs on the server device 300 side, the storage target file F is not returned correctly. For example, an accident in which a file being stored is lost due to a failure of a hard disk device constituting the direct deposit file storage unit 330, a communication function of the direct deposit file return unit 320 fails, or the server device 300 and a network If a failure occurs in the communication environment with N, the storage target file F is not returned.

  Therefore, if the target file is not returned within a predetermined time after giving the extraction request to the main acquisition destination, the file extraction unit 130 determines that the acquisition from the main acquisition destination has failed, and performs the secondary acquisition. A processing function that attempts to reacquire the destination may be provided. In this case, the file extraction unit 130 gives a request to extract the storage target file F to the indirect deposit server 400 that is the secondary acquisition destination, and tries to acquire the storage target file F on a secondary basis. If the server device 400 is functioning normally, the file F to be stored should be returned by the indirect deposit file return unit 420.

  The direct deposit file storage unit 330 and the indirect deposit file storage unit 430 are components having the same function of storing the file F to be stored, and the direct deposit file return unit 320 and the indirect deposit file return unit 420. Is a component having the same function of returning the storage target file F in response to the retrieval request. Thus, there is no difference between the direct depositor and the indirect depositor regarding the file storage function. Therefore, in the example shown in FIG. 5, the direct deposit server 300 is set as the main acquisition destination and the indirect deposit server 400 is set as the sub acquisition destination. If acquisition fails, re-acquisition may be attempted from the direct deposit server 300 as a secondary acquisition destination.

  Further, in the above-described example, the management information reading unit 150 reads the entire management information M for the specific storage target file F, and then extracts necessary direct deposit destination information D and indirect deposit destination information I therefrom. Although processing is being performed, if only specific data in the management information M can be selectively read when data is read from the management information storage unit 200, only necessary information is read individually. It doesn't matter if you do. For example, when an operation is performed with the server device specified by the direct depositee information D as the main acquisition destination, normally, only the direct depositee information D is read out, except when an accident occurs. Can be retrieved. Therefore, in this case, the management information reading unit 150 only needs to read the direct depositee information D in the management information M regarding the file to be extracted.

<<< §4. More practical examples >>
In §3, a basic embodiment in which the present invention is applied to a general data storage system is described. Here, some practical examples will be described in practicing the present invention.

<4-1: Example with report processing added>
In the system described in §3, the “indirect depositee information I and the storage target file F” are transmitted from the file depositing unit 120 directly to the depositing server 300, so that the storage processing on each server device side is not hindered. It is assumed that this will be done. However, in reality, there is a possibility that correct file storage on the server device side may not be performed for some reason. Therefore, in practice, it is preferable to add a report process for transmitting some confirmation information from the server apparatus to the storage processing apparatus and reporting that the storage target file F has been stored correctly.

  For example, in the system shown in FIG. 4, the “indirect depositee information I and storage target file F” transmitted from the file depositing unit 120 is normally received by the direct deposit processing unit 310 and the storage target file F Is stored in the direct deposit file storage unit 330, the file deposit unit 120 as a transmission source is provided with a function of transmitting a deposit confirmation. For example, information including information (file name or the like) for specifying the storage target file F and a code indicating that the file F has been normally stored may be used as the information to be transmitted as the trust confirmation. On the other hand, when the deposit confirmation is obtained, the file depositing unit 120 presents information indicating that the storage process has been completed to the user (for example, “File XX has been stored normally”). The function of presenting such a message is provided.

  Then, after the user performs an operation to deposit the storage target file F with respect to the storage processing apparatus 100, the user recognizes that the storage processing has ended normally by checking the message as in the above example. be able to.

  In addition, after sending “indirect depositee information I and storage target file F” to the file depositing unit 120, if the deposit confirmation is not obtained within a predetermined time, the storage process fails for the user. It is preferable to provide a function for presenting information indicating that this has been done (for example, presenting a message such as “Failed to store file XX”).

  By the way, the above-described deposit confirmation merely indicates that the storage process in the direct deposit processing unit 310 is normally performed, and does not indicate that the storage process in the indirect deposit processing unit 410 is normally performed. . In other words, in the above-described embodiment, even when the information presentation indicating that the storage process has been completed is performed for the user, the information presentation is “at least at the direct depository, the storage process was normally performed”. It does not indicate that “the storage process has been performed normally at both the direct depository and the indirect depository in order to ensure redundancy”.

  Therefore, practically, the indirect deposit processing unit 410 normally receives the storage target file F transferred from the direct deposit processing unit 310, and the normal storage target file F is normally transmitted to the indirect deposit file storage unit 430. It is preferable to provide a function of transmitting a transfer confirmation to the direct deposit processing unit 310 as a transmission source on the condition that the data is stored. As information to be transmitted as the transfer confirmation, for example, information including information (file name or the like) for specifying the file F to be stored and a code indicating that the file F has been normally stored may be used.

  On the other hand, the direct deposit processing unit 310 transmits the deposit confirmation on the weighted condition that the transfer confirmation from the indirect deposit processing unit 410 is obtained. That is, the direct deposit processing unit 310 normally receives the “indirect depositee information I and the storage target file F” transmitted from the file depositing unit 120, and the direct deposit processing unit 310 normally receives the storage target file F to the direct deposit file storage unit 330. And the transfer confirmation regarding the storage target file F is sent from the indirect deposit processing unit 410 to the file depositing unit 120 serving as the transmission source. Become.

  FIG. 6 is a block diagram showing the flow of confirmation information in an embodiment in which operation is performed under such a weighting condition. When the “indirect depositee information I and the storage target file F” is transmitted from the storage processing apparatus 100 to the direct deposit server 300, the storage target file F is stored in itself in the direct deposit server 300. A process is performed, and a process of transferring this to the indirect deposit server 400 is performed. The indirect deposit server 400 performs a process of storing the transferred file F to be stored in itself, and transmits the transfer confirmation to the direct deposit server 300 when the storage process is normally completed. The direct deposit server 300 is consigned to the storage processing device 100 on condition that the process of storing the file F to be stored in itself is normally performed and the transfer confirmation from the indirect deposit server 400 is obtained. Send confirmation.

  If the deposit confirmation with respect to the storage processing apparatus 100 is performed under the conditions shown in FIG. 6, the deposit confirmation is performed by the storage target file F in both the direct deposit server 300 and the indirect deposit server 400. The report shows that it was stored successfully. If the storage processing device 100 presents a message such as “File XX has been stored normally” when such a commission confirmation is obtained, the user can It can be recognized that the storage target file F has been stored normally with redundancy.

  As described above, in the case of taking a form of sending a confirmation of confirmation to the storage processing device 100, the management information writing unit 140 is notified to the file depositing unit 120 that the confirmation of confirmation of trust has been obtained. It is preferable that the management information writing unit 140 waits for the report and writes the management information M. Then, the direct deposit destination information D and the indirect deposit destination information I indicating the server device are written in the management information storage device 200 only when the storage target file F is actually stored normally in each server device. Therefore, the consistency with the actual storage state is always maintained.

  Also, if the deposit confirmation is not received in the file depositing unit 120 within a predetermined time, instead of immediately presenting information indicating that the archiving process has failed to the user, a deposit process for another server device is tried. Is also possible. The system shown in FIG. 4 is a minimum configuration system including only a single direct deposit server 300 and a single indirect deposit server 400. However, as described above, a larger number of server devices are used in practice. It is common to operate. As described above, when there are a plurality of selection branches by the server specifying unit 110, even if the storage process fails without receiving the deposit confirmation within a predetermined time, if a deposit process based on another selection branch is attempted, There is a high possibility that the storage process will be performed normally.

  Therefore, when the deposit confirmation is not received within the predetermined time for the storage processing apparatus 100, the server designation unit 110 performs a new designation (selection) different from the previous time, and the file depositing unit 120 The indirect depositee information I and the storage target file F based on the new designation (selection) are transmitted to the direct deposit server based on the new designation (selection). Further, the management information writing unit 140 writes the management information M based on the new designation (selection) in the management information storage device 200.

  If such an operation is performed, it becomes possible to perform normal storage processing using another server device, even if a specific server device happens to be defective and normal storage processing cannot be performed, By obtaining entrustment confirmation from the other server device, information indicating that the storage process has been completed can be presented to the user. Of course, if the storage process based on the new designation (selection) fails, a storage process based on another designation (selection) can be tried. In addition, when a new designation (selection) is repeated a predetermined number of times and any of the storage processes fails, information indicating that the storage process has failed may be presented.

<4-2: Examples for improving security>
In the application example to the distributed data archiving apparatus described in §2, the example in which the direct depositee information and the indirect depositee information are deleted after the storage process is completed has been described. Also in the data storage system shown in FIG. 4, it is preferable to delete the direct depositee information D and the indirect depositee information I from useless places as much as possible in order to improve security.

  Specifically, regarding the storage processing device 100, the file depositing unit 120 completes the process of transmitting the indirect depositee information and the file to be stored via the network, and the management information writing unit 140 directly deposits the deposit. After completing the process of writing the destination information D and the indirect depository information I as management information M to the management information storage device 200, the written direct depository information D and the indirect depository information I are stored in the storage processing device 100. It is preferable to perform a process of erasing from the inside.

  The direct deposit destination information D is information indicating a destination to which the file deposit unit 120 transmits the storage target file F, and the indirect deposit destination information I is information that the file deposit unit 120 transmits with the storage target file F. . Therefore, when the transmission by the file depositing unit 120 is completed and the writing by the management information writing unit 140 is completed, it is no longer necessary to stop the direct depositing destination information D and the indirect depositing destination information I in the storage processing device 100. Absent. Therefore, at this time, there is no problem even if the direct deposit destination information D and the indirect deposit destination information I are deleted from the storage processing apparatus 100.

  On the other hand, with respect to the direct deposit server 300, after the direct deposit processing unit 310 completes the process of transferring the storage target file F to the indirect deposit server 400, the indirect deposit destination information corresponding to the transferred storage target file F is completed. It is preferable to perform a process of directly erasing I from the deposit server 300. Since the indirect depositee information I is information indicating the destination to which the direct deposit processing unit 310 transfers the storage target file F, the indirect depositee information I no longer stops in the direct deposit server 300 when the transfer process is completed. There is no need to keep it. Therefore, at this point, there is no problem even if the process of deleting the indirect depositee information I directly from the depository server 300 is performed.

  If such an erasing process is executed, the information indicating the “deposit destination” for the storage target file F is stored only as the management information K in the management information storage device 200. In other words, neither the storage processing apparatus 100 nor the individual server apparatuses 300 and 400 has any information indicating the “deposit destination” for the storage target file F. This is useful for improving security when hacked. In particular, in the application example to the distributed data archiving apparatus described in §2, it is possible to prevent a situation in which a fraudulent person falls into a formula in which a deposit destination of mutually related divided files is determined.

<4-3: Example using dual-purpose server>
The system shown in FIG. 4 includes one storage processing device 100, one management information storage device 200, one server device 300 that can be designated as a direct deposit server, and one that can be designated as an indirect deposit server. The server system 400 is a minimum configuration system. However, in practice, a system using a larger number of storage processing devices, management information storage devices, and server devices will be used.

  FIG. 7 is a block diagram showing a more practical embodiment of the data storage system according to the present invention. The upper part of the figure shows a state in which three storage processing apparatuses 100A, 100B, and 100C are connected to a network N (Internet). Management information storage devices 200A, 200B, and 200C are connected to the storage processing devices 100A, 100B, and 100C, respectively.

  Here, if the specifications of the three storage processing devices 100A, 100B, and 100C are made common and the specifications of the three management information storage devices 200A, 200B, and 200C are made common, each of the storage processing devices 100A, 100B, and 100C Combinations of connections with the management information storage devices 200A, 200B, and 200C are arbitrary. Therefore, each storage processing device 100A, 100B, 100C is a public device installed at a predetermined place for use by many users, and each management information storage device 200A, 200B, 200C is used by each user. If distributed to each user as a personal device to be used, each user connects the management information storage device 200 distributed for his / her own use to any storage processing device 100A, 100B, 100C as necessary, and It will be possible to deposit and take out.

  On the other hand, the lower part of FIG. 7 shows a state in which five server apparatuses 500A to 500E are connected to the network N (Internet). Here, all of these five server devices 500A to 500E are “shared servers that can be designated as either direct depositing servers or indirect depositing servers”. In the figure, for convenience, only the internal configuration of the server device 500A is shown as a block diagram, but the other server devices 500B to 500E also have the same internal configuration.

  In principle, the system according to the present invention requires at least one server device that can be designated as a direct deposit server and at least one server device that can be designated as an indirect deposit server. It is preferable that a part or all of the plurality of server apparatuses be configured by “a dual-purpose server that can be designated as either a direct deposit server or an indirect deposit server”.

  As shown in FIG. 7, the dual-purpose server device 500 </ b> A includes a dual-purpose deposit processing unit 510, a dual-purpose deposit file return unit 520, and a dual-purpose deposit file storage unit 530.

  Here, the combined deposit file storage unit 530 is a component that performs the functions of both the direct deposit file storage unit 330 and the indirect deposit file storage unit 430 shown in FIG. However, in practice, it can be configured by a storage device such as a hard disk device used in a general server device.

  The combined deposit processing unit 510 is a component that performs the functions of both the direct deposit processing unit 310 and the indirect deposit processing unit 410 shown in FIG. That is, when both the indirect depositee information I and the storage target file F are transmitted, the transmitted storage target file F is stored in the combined deposit file storage unit 530 and the transmitted storage target file is transmitted. A function as the direct deposit processing unit 310 is performed by performing a process of transferring F to the indirect deposit server specified by the indirect deposit destination information I via the network. On the other hand, when only the storage target file F has been transferred, the function as the indirect deposit processing unit 410 is achieved by performing a process of storing the transferred storage target file F in the combined deposit file storage unit 530.

  The combined deposit file return unit 520 is a component that performs the functions of both the direct deposit file return unit 320 and the indirect deposit file return unit 420 shown in FIG. In other words, in response to a request from the file extraction unit 130 in the storage processing devices 100A to 100C, a process of returning the storage target file F stored in the combined deposit file storage unit 530 to the file extraction unit 130 is performed.

  As described in §3, among the processing functions performed by the dual-purpose server device 500A, a general file server is standardly provided except for the processing function for transferring the storage target file F to another server device. It is a processing function. Therefore, this dual-purpose server device 500A can be realized by incorporating a dedicated program for performing transfer processing into a general file server that has been used conventionally.

  In §3, an example is described in which one direct deposit server and one indirect deposit server are associated with one file F to be stored, and the same file is stored in two locations. It is also possible to specify a plurality of indirect depository servers.

  For example, in the example shown in FIG. 7, the server device 500A is designated as the first direct deposit server, and here, the file F to which the indirect depositee information specifying the server device 500B as the first indirect deposit server is attached. Further, the server device 500C is designated as the second direct deposit server, and the file F to which the indirect deposit destination information specifying the server device 500D as the second indirect deposit server is attached is transmitted. Like that.

  Then, the server device 500A stores the file F by itself and performs a process of transferring the file F to the server device 500B. In addition, the server device 500C stores the file F by itself and performs processing for transferring the file F to the server device 500D. Thus, the storage target file F is stored in the four server apparatuses 500A, 500B, 500C, and 500D.

  However, with the method described above, it is necessary to transmit files from the storage processing device 100 to the first direct depositing server 500A and the second direct depositing server 500C, and the communication burden on the storage processing device 100 increases. To do. Therefore, in order to reduce the communication burden of the storage processing device 100, only the server device 500A is designated as a direct deposit server, and the remaining three server devices 500B, 500C, 500D are all designated as indirect deposit servers. Good.

  In this case, the storage processing device 100 creates a file F attached with indirect depositee information that specifies the three server devices 500B, 500C, and 500D as indirect depository servers, and only the server device 500A that directly serves as the depository server. Will be sent to. Receiving the transmission, the server device 500A stores the file F by itself and transfers the file F to the three server devices 500B, 500C, and 500D. Thus, the storage target file F is stored in the four server apparatuses 500A, 500B, 500C, and 500D.

  In the embodiments so far, the processing for deleting the file to be stored stored on the server device side has not been described. Of course, in practice, each server device is storing it as necessary. It is preferable to provide a function for deleting the file. For example, if the storage period is determined to be six months in advance, each server device can appropriately delete a file that has passed six months after storage. Alternatively, a specific file may be deleted based on an instruction from a user who operates the storage processing device.

<4-4: Configuration Examples of Storage Processing Device and Management Information Storage Device>
In the data storage system shown in FIG. 4, the storage processing device 100 and the management information storage device 200 shown as a block diagram can actually be configured by various electronic devices. Here, specific examples of these configurations will be described.

  In the configuration example shown in FIG. 8, the storage processing device 100 is configured as a device incorporated in a part of “a data processing device 600 that includes a CPU and a storage device and operates based on an input operation from a user”. In this example, the management information storage device 200 is constituted by an IC card 700 that is accessed from the data processing device 600. The data processing device 600 is an electronic device including a CPU and a storage device, such as a computer, a mobile phone, and a PDA device, for example. Has the function to perform. In this case, the IC card 700 functions as a memory card used by being connected to a computer, a mobile phone, a PDA device, or the like.

  For example, when a personal computer is used as the data processing device 600, the personal computer can function as the storage processing device 100 by incorporating a dedicated program into the personal computer. Connection processing to the network N can be performed using the communication function of the personal computer. The user creates a storage target file F using another function (for example, word processing software) incorporated in the personal computer, and uses the function of the storage processing device 100 to store the storage target file F in an external server device. Can be stored in. In this case, the management information M is written in the IC card 700 that functions as the management information storage device 200.

  If the user has the IC card 700, the user can take out the storage target file F anytime and anywhere. The storage processing device 100 used when taking out does not need to be the data processing device 600 (personal computer) used when depositing. If the IC card 700 possessed is connected to an arbitrary data processing apparatus 600 functioning as the storage processing apparatus 100, the storage target file F can be obtained.

  The management information storage device 200 is provided in a completely different storage location (for example, any server device) accessible via the Internet, and a URL indicating the storage location is written in the IC card 700. Also good. In this case, the management information is stored in the storage location, but the storage processing apparatus 100 can access the management information by referring to the URL written in the IC card 700.

  In the configuration example shown in FIG. 9, the storage processing device 100 is configured by a single computer 800, and the management information storage device 200 is a magnetic storage device, an optical storage device, or a semiconductor storage device built in the computer. It is an example comprised by. In this case, the storage processing device 100 and the management information storage device 200 are built in the computer 800 by incorporating a dedicated program into the single computer 800.

  When the management information storage device 200 is configured by an optical storage device, a medium such as a CD-R or DVD-R can be taken out from the computer 800. In this case, the management information storage device 200 is The portion of the storage medium to be configured can be carried away from the computer 800. Of course, the management information storage device 200 can also be configured by a magnetic storage device, an optical storage device, or a semiconductor storage device that is externally attached to the computer 800.

10: distributed data archive device 20: IC card 100, 100A, 100B, 100C: storage processing device 110: server designating unit 120: file depositing unit 130: file extracting unit 140: management information writing unit 150: management information reading unit 200, 200A, 200B, 200C: Management information storage device 300: Server device (direct deposit server)
310: Direct deposit processing unit 320: Direct deposit file return unit 330: Direct deposit file storage unit 400: Server device (indirect deposit server)
410: Indirect deposit processing unit 420: Indirect deposit file return unit 430: Indirect deposit file storage units 500A to 500E: Server device 510: Dual deposit processing unit 520: Dual deposit file return unit 530: Dual deposit file storage unit 600: Data processing Device 700: IC card 800: Computer B: Bibliographic information D: Direct depositee information F: Storage target file F0: Original file Fa: Split file Fb: Split file Fc: Split file I: Indirect depositee information K: Management information M : Management information N: Network (Internet)
S1-S3: Server device

Claims (18)

A data storage system for storing files to be stored with redundancy,
A storage processing device for depositing and extracting files to be stored;
A management information storage device for receiving management information from the storage processing device and storing management information;
A plurality of server devices connected to each other via a network and connected to the storage processing device via the network;
With
The storage processing device includes:
A server designating unit that designates a direct deposit server and an indirect deposit server as a deposit destination of the storage target file from the plurality of server devices,
Management information storage apparatus stores direct depositee information that specifies the direct deposit server designated by the server designating unit and indirect depositee information that identifies the indirect deposit server designated by the server designating unit as management information. A management information writing unit for writing;
A file depositing unit for transmitting the indirect depositee information and the storage target file to the direct depositing server via a network;
A management information reading unit that reads the direct depository information or the indirect depository information from the management information storage device, or both;
The direct deposit server or the indirect deposit server specified by the information read by the management information reading unit is given a request to retrieve the file to be stored that has been deposited, and returned in response to this request. A file extraction unit for acquiring the files to be stored;
Have
Among the plurality of server devices, at least one is a server device that can be designated as the direct deposit server, and at least one is a server device that can be designated as the indirect deposit server,
The server device that can be designated as the direct deposit server is:
A direct deposit file storage unit for storing the file to be stored;
When the indirect depositee information and the storage target file are transmitted from the file deposit unit, the storage target file is stored in the direct deposit file storage unit, and the storage target file is stored via the network. A direct deposit processing unit for forwarding to an indirect deposit server identified by the indirect depositee information;
In response to a request from the file extraction unit, a direct deposit file return unit that returns a file to be stored stored in the direct deposit file storage unit to the file extraction unit;
Have
The server device that can be designated as the indirect deposit server is:
An indirect deposit file storage unit for storing the file to be stored;
An indirect deposit processing unit that stores the transferred file to be stored in the indirect deposit file storage unit when the file to be stored is transferred from the direct deposit processing unit;
In response to a request from the file extraction unit, an indirect deposit file return unit that returns a file to be stored stored in the indirect deposit file storage unit to the file extraction unit;
A data storage system comprising: The data storage system according to claim 1,
Condition that the direct deposit processing unit has successfully received the "indirect depositee information and files to be stored" sent from the file deposit unit and has successfully stored the files to be stored in the direct deposit file storage unit Has a function to send a receipt confirmation to the file depositing department as a transmission source,
A data archiving system, wherein a file depositing unit presents information indicating that a archiving process is completed to a user when the entrustment confirmation is obtained. The data storage system according to claim 2,
The indirect deposit processing unit becomes a transmission source on condition that the storage target file transferred from the direct deposit processing unit has been successfully received and the storage target file has been stored normally in the indirect deposit file storage unit. It has a function to send a transfer confirmation to the direct deposit processing unit,
A data archiving system, wherein a direct deposit processing unit transmits a deposit confirmation under a weighted condition that the transfer confirmation from the indirect deposit processing unit is obtained. The data storage system according to claim 2 or 3,
The file depositing department has a function to report to the management information writing section that the acceptance confirmation has been obtained,
A management information writing unit waits for the report and writes management information. In the data storage system according to any one of claims 2 to 4,
A data archiving system, wherein a file depositing unit presents information indicating that a archiving process has failed to a user when a deposit confirmation is not obtained within a predetermined time. In the data storage system according to any one of claims 2 to 4,
If the acceptance confirmation does not reach the file depositing department within a predetermined time, the server designating part makes a new designation different from the previous one, and the management information writing part stores the management information based on the new designation. A data archiving system, wherein the file depositing unit writes in the apparatus, and the file depositing unit transmits the indirect depositee information based on the new designation and the storage target file to the direct depositing server based on the new designation. In the data storage system according to any one of claims 1 to 6,
The file deposit department completes the process of sending indirect depositee information and files to be stored via the network, and the management information writing section manages the direct depositee information and indirect depositee information as management information. A data archiving system which performs a process of erasing the written direct depository information and indirect depository information from the storage processing apparatus after completing the process of writing to the information storage apparatus. In the data storage system in any one of Claims 1-7,
After the direct deposit processing unit completes the process of transferring the file to be stored to the indirect deposit server, the indirect deposit destination information corresponding to the transferred file to be stored is deleted from the direct deposit server. A data storage system characterized by The data storage system according to any one of claims 1 to 8,
The management information writing unit has a function of writing management information including bibliographic information for specifying a storage target file,
A data storage system, wherein a management information reading unit reads management information about a file to be stored requested by a user using the bibliographic information. In the data storage system according to any one of claims 1 to 9,
First, the file extraction unit stores the direct acquisition server or the indirect storage server specified by the information read by the management information reading unit as the main acquisition destination and the other as the secondary acquisition destination. When the acquisition of the storage target file is performed by giving a request to retrieve the target file, and the acquisition fails, the request to retrieve the storage target file is given to the secondary acquisition destination and the re-acquisition of the storage target file is attempted. And data storage system. In the data storage system according to any one of claims 1 to 10,
The file depositing section performs processing for attaching indirect depositee information to a file to be stored, and transmits the file to be stored with the indirect depositee information attached to the direct depository server via the network. A data storage system characterized by The data storage system according to any one of claims 1 to 11,
The server designation unit performs a process of selecting a specific server device from a plurality of server devices randomly or for each storage target file based on a predetermined rule set in advance. A data archiving system, wherein a direct deposit server and an indirect deposit server are designated based on the data. In the data storage system according to any one of claims 1 to 12,
Some or all of the multiple server devices
A combined deposit file storage unit that functions as both a direct deposit file storage unit and an indirect deposit file storage unit;
When both the indirect depositee information and the storage target file are transmitted, the transmitted storage target file is stored in the combined deposit file storage unit, and the transmitted storage target file is transmitted via the network. By performing the process of transferring to the indirect deposit server specified by the indirect depositee information, the function as a direct deposit processing unit is performed, and when only the file to be stored is transferred, the transferred file to be stored A dual-purpose deposit processing unit that functions as an indirect deposit processing unit by performing a process of storing in the dual-purpose deposit file storage unit,
Functions of both the direct deposit file return unit and the indirect deposit file return unit by returning the storage target file stored in the combined deposit file storage unit to the file extraction unit in response to a request from the file extraction unit A dual-purpose deposit file return section,
A data storage system comprising a server device that can be designated as either a direct deposit server or an indirect deposit server. In the data storage system according to any one of claims 1 to 13,
The storage processing device is configured as a device incorporated in a part of “a data processing device that incorporates a CPU and a storage device and operates based on an input operation from a user”, and is stored in the storage device. Has the function of depositing files as files to be stored,
A data storage system, wherein the management information storage device is constituted by an IC card that is accessed from the data processing device. In the data storage system according to any one of claims 1 to 13,
The storage processing device is composed of one computer,
A data storage system, wherein the management information storage device is constituted by a magnetic storage device, an optical storage device, or a semiconductor storage device built in or attached to the computer.   The program for functioning a computer as a storage processing apparatus in the data storage system in any one of Claims 1-13. A data storage method for storing files to be stored in a depository device with redundancy in another device as a depository,
Direct depositing device information for identifying the direct depositing device and indirect depositing destination information for identifying the indirect depositing device by determining the direct depositing device and the indirect depositing device as different devices to be deposited with the depositing source device And storing it in a predetermined place;
The depositor device transmitting the indirect depositee information and the file to be stored to the direct depositor;
The direct depositing device stores the transmitted file to be stored in a first storage location, and the transmitted file to be stored is specified by the indirect deposit destination information transmitted. Transferring to the device;
The indirect depositing device storing the transferred file to be stored in a second storage location;
And storing the file to be stored in the depositor apparatus in both the first storage location and the second storage location. The data storage method according to claim 17,
After the depositor device stores the direct depositor information and indirect depositor information in the external device, the direct depositor information and the indirect depositor information are erased from itself,
After the direct depositing device transfers the file to be stored to the indirect depositing device, erasing the indirect depositee information from itself;
A data storage method characterized by further comprising:

Images