1. Field of the Invention
The present invention relates to a multi-database system where databases are present in a distributed form. Among others, the present invention relates to security for the disclosure of information of the multi-database system. The present invention, more particularly, relates to a secure multi-database system in which a plurality of databases are operated in a federated manner and security for individual databases is ensured, and an information mediation system on a network to which such a system is applied.
2. Description of the Related Art
Currently, as a technique for getting access to a multi-database (MDB) system, there has been known a technique which gets access to a table (an external table) of an external database (external DB) through an external data wrapper. In this technique, a user declares an access method to the external DB or the configuration of the external table to the MDB system. In the MDB system, the external table is handled in the same manner as a usual view table and it is possible for the user to declare a view table which combines external tables together or a view table which combines the external table with a table inside the MDB system (an internal table).
ISO/IEC standardizes the architecture and a database language of this MDB system as "Database Language SQL-Part 9: Management of External Data (SQL/MED)", which is a database language SQL having a specification Part 9 for a next generation known as SQL3 or SQL-Part 99. With respect to SQL/MED, a draft of ISO/IEC is laid open to the public and, as an article which interprets ISO/IEC, ACM SIGMOD Record, Vol. 29, No. 1, March 2000, pp. 63-67, "SQL Standardization: The Next Steps" is available.
Conventionally, as security for DB, a method which sets an access authority to the data for individual users and controls access to the DB based on such access authority ("access control") has been dominantly used. The same goes for the MDB.
Recently, along with the popularization of the Internet, the Intranet and the Extranet, the chances that the user gets access to the DB through the network have increased. In this case, to protect the query messages and data being transmitted through the network from improper access, there has been proposed a method which encrypts the query messages and data before transmitting them. As a method for encrypting the query messages, U.S. Pat. No. 5,713,018 discloses "SYSTEM AND METHOD FOR PROVIDING SAFE SQL-LEVEL ACCESS TO A DATABASE". Further, as a method for processing data by encrypting the data on a DBMS, U.S. Pat. No. 5,963,642 discloses "METHOD AND APPARATUS FOR SECURE STORAGE OF DATA".
Further, as an example which adopts a multi-database system as an information mediation business on the Internet, "Yodlee.com" is known. This business is a service which provides the service details which individual service providers provide in a form that the service details are integrated into one. The user can refer to all of the service details by merely getting access to Yodlee.com and hence, it is unnecessary for the user to get access to individual service providers. Yodlee.com regards individual service providers as information sources and performs inquiries of the service details to the service providers while setting respective users as keys and integrates and provides the results of inquiries to the users. Here, although the acquired service details are cached in an internal DB, security is ensured by encrypting the data of this internal DB.
First of all, problems on techniques to realize the information mediation business on a network which are analyzed by inventors of the present invention are explained in conjunction with FIG. 17. Then, taking this business as an example, tasks to be solved by the present invention are specifically explained.
The information mediation business is a service business which virtually integrates information sources distributed on the network and provides an integrated access path to users. When viewed from the standpoint of users, since destinations to which inquiries are made are integrated into one, the availability is increased. The previously mentioned Yodlee.com is also a kind of information mediation business and intermediates between enterprises and personal users. This mode is a so-called "B2C type". Besides this B2C type, there exists a mode of B2B type which intermediates between enterprises and enterprise users and FIG. 17 shows such an example.
In FIG. 17, a mediator 301 provides an access path for an A sales company 304a, a B sales company 304b and a C sales company 304c to an aaa company 303a, a bbb company 303b and a ccc company 303c which constitute client enterprises as virtual detailed statement slips 302a-302c. The substance of the virtual detailed statement slips is a view table which declares transaction information 45a, 45b and 45c as external tables in a multi-database server 1 and merges them using respective client enterprises as keys. Inquiries from clients 3a, 3b and 3c are transmitted to respective DB 45a-45c through the multi-database server 1 and tables on query results (result tables) are integrated and returned to respective clients. In this specification, "declaration" or "to declare" means "to designate".
With respect to this business, a system in the multi-database server 1 to ensure the security for the virtual detailed statement slips of clients becomes far more important than in a conventional case. From a viewpoint of security, the transaction information is distributed to the databases of the respective sales companies, so that the risk brought about by improper access is inevitably distributed; however, since the transaction information is merged through the virtual detailed statement slips, the damage when improper access happens is increased. Particularly, if it is possible to provide a system in which the mediator 301, even as an administrator of the multi-database server 1, cannot observe the contents of the mediation information, the reliability of the mediator can be increased from not only the users but also the information provider side.
Subsequently, tasks of conventional techniques to satisfy this requisite are explained.
First of all, in an access control, although an unauthorized user is prevented from getting access to the virtual detailed statement slips, the administrator can easily get access to the virtual detailed statement slips and hence, the above-mentioned requisite cannot be satisfied. Eventually, it is difficult for the mediator to acquire the reliability from the users and the information providers so that it is difficult to establish the information mediation business.
Although the method which encrypts query messages and result tables which are transmitted through the network can prevent this information from being improperly stolen or forged, the method is only applicable to a case where a client and a database correspond to each other on a one-to-one basis. That is, there has been a problem that it is difficult to directly apply this method to a multi-database.
Although the previously mentioned Yodlee.com method encrypts data to be stored in an inner DB so that it provides a system in which even an administrator cannot easily refer to data of the inner DB, the administrator can in principle refer to data before the data is encrypted in a multi-database server, so that it is difficult to completely satisfy the above-mentioned requisite. Further, the person who sets and executes the encryption is the administrator himself, so that it is difficult for users and information providers to totally rely on the mediator.
Accordingly, it is a first object of the present invention to provide a secure multi-database system in which it is difficult even for an administrator to observe contents of data transacted between clients and external databases.
Further, it is a second object of the present invention to provide an information mediation system in which it is difficult even for an administrator to observe contents of information transacted between users and information providers.
To achieve the above-mentioned objects, the present invention adopts the following configurations.
In a multi-database system of the present invention, a plurality of database apparatuses which respectively store data, a multi-database processing apparatus which performs an integration processing of data stored in a plurality of the above-mentioned database apparatuses and user processing apparatuses which receive data subjected to the integration processing from the multi-database processing apparatus are constituted such that they are connected to each other through a network.
Among the distributed data which are necessary for the above-mentioned multi-database processing apparatus to perform the integration processing, a plurality of database apparatuses respectively perform the conversion processing based on a predetermined rule with respect to partial data in a given data region contained in the distributed data and transmit the distributed data containing the partial data which are subjected to the conversion processing to the above-mentioned multi-database processing apparatus.
Further, the above-mentioned multi-database processing apparatus receives a plurality of the distributed data containing the partial data which are subjected to the conversion processing from a plurality of database apparatuses, generates the integrated data by integrating a plurality of received distributed data, and transmits the integrated data to the user apparatuses.
In the above-mentioned conversion processing, it may be possible to perform the conversion such that the converted partial data is not disclosed. For example, the conversion processing includes the application of encrypting processing.
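The flow described in the preceding three paragraphs, as an added Python sketch that is not part of the patent text: each database apparatus encrypts the protected columns before transmission, the multi-database server integrates rows without holding any key, and the user apparatus reverses the conversion. Assumptions made here: a per-client key shared by the database apparatuses and that client, a `client` column left in the clear as the merge key, an HMAC-SHA256 counter-mode construction standing in for a vetted AEAD such as AES-GCM, and all function names and sample rows, which are constructed.

```python
import hashlib, hmac, json, os

PROTECTED = ("item", "amount")  # assumed "given data region" hidden from the mediator

def keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a vetted AEAD (e.g. AES-GCM)
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, value):
    """Database side: encrypt-then-MAC one cell under the client's key."""
    pt, nonce = json.dumps(value).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key, nonce, len(pt))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return (nonce + ct + tag).hex()

def unseal(key, blob):
    """Client side: verify the tag first, then decrypt."""
    raw = bytes.fromhex(blob)
    nonce, ct, tag = raw[:16], raw[16:-32], raw[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("cell failed authentication")
    return json.loads(bytes(a ^ b for a, b in zip(ct, keystream(key, nonce, len(ct)))))

def export_rows(rows, client_keys):
    """Database apparatus: convert protected columns before transmission."""
    return [{c: seal(client_keys[r["client"]], v) if c in PROTECTED else v
             for c, v in r.items()} for r in rows]

def mediate(client, *sources):
    """Multi-database server: integrate on the clear key column; holds no keys."""
    return [r for src in sources for r in src if r["client"] == client]

def client_view(key, merged):
    """User apparatus: reverse the conversion on the integrated result."""
    return [{c: unseal(key, v) if c in PROTECTED else v for c, v in r.items()}
            for r in merged]

# Constructed sample data: two sales-company tables and per-client keys.
KEYS = {"aaa": os.urandom(32), "bbb": os.urandom(32)}
A_ROWS = [{"client": "aaa", "item": "bearings", "amount": 1200},
          {"client": "bbb", "item": "gaskets", "amount": 300}]
B_ROWS = [{"client": "aaa", "item": "lubricant", "amount": 450}]

if __name__ == "__main__":
    merged = mediate("aaa", export_rows(A_ROWS, KEYS), export_rows(B_ROWS, KEYS))
    print(merged)                            # what the administrator can see
    print(client_view(KEYS["aaa"], merged))  # what client aaa recovers
```

The mediator still learns which client each row belongs to and how many rows each source returned; only the protected columns are hidden from it.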