The present invention relates to a storage apparatus system for preventing the falsification of data.
In recent years, the United States is obligating specific organizations to store specific data in a state where it cannot be falsified during a designated period. For instance, the HIPAA (Health Insurance Portability and Accountability Act), which is a law concerning the interoperability and accountability of health insurance, is obligating medical institutions to store the medical data of patients for two years after the death of patients. Further, SEC17a-4 is obligating financial institutions and securities firms to store business logs including e-mails for as long as such institution or firm exists. An organization in default of these obligations will be subject to punishment by fine or imprisonment. Thus, demands are increasing for a function of guaranteeing that data will not be falsified during the retention period.
Conventionally, these organizations stored such data with a retention period in a non-rewritable, recordable recording medium such as a tape or optical disk. A data recording format in which data can only be written once and cannot be deleted or changed as described above is referred to as WORM (Write Once Read Many). Nevertheless, a recording medium such as a tape or optical disk has a low data I/O processing performance, and there is a problem in that it is insufficient in storing the vast amounts of data in recent years. Further, with a non-rewritable, recordable recording medium, even when the data is no longer required after the lapse of the retention period, there is a problem in that it is not possible to improve the utilization efficiency by deleting such data.
Thus, the gazette of US20040186858 (Patent Document 1) discloses technology of recording data with a retention period in a magnetic disk, which is a rewritable storage medium having a high I/O processing performance. The system disclosed in Patent Document 1 is configured from a user terminal and a file server. The file server is interconnected to the user terminal, and performs I/O processing of data in file units. Further, the file server has a magnetic disk for storing files transmitted from the user terminal.
An administrator of the file server defines a part of the storage area of a magnetic disk of the file server as a storage area (hereinafter referred to as a “WORM area”) dedicated to storing files with a retention period (hereinafter referred to as a “WORM file”). When an administrator of the file server issues a command for deleting or migrating the WORM area, the file server returns an error. Further, the file server retains an attribute value showing that it is a WORM area in the file server for recognizing which storage area is a WORM area. The user terminal connected to the file server configures a file as a WORM file by issuing a specific command containing the file retention period to the files stored in the WORM area.
When the file server receives a rewrite request of a file from the user terminal, it checks whether such file is a WORM file. If it is a WORM file, the file server checks whether the file retention period has already lapsed. If the file retention period has not lapsed, the file server does not permit the rewrite request of the file, and notifies the user terminal that the file cannot be rewritten. Like this, a retention period is set for each file, and it is thereby possible to guarantee that the file will not be falsified by the administrator of the user terminal or file server during the retention period.