CN107210992B - Uploading and downloading data between a secure data system and an external data system - Google Patents

Publication number
CN107210992B
Authority
CN
China
Prior art keywords
data
secure
repository
module
center
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201580056592.1A
Other languages
Chinese (zh)
Other versions
CN107210992A (en)
Inventor
刘海涛
S·罗
L·陈
K·罗
X·彭
S·李
B·胡
C·黄
H·H·黄
S·王
B·陆
F·魏
H-Y·何
Y·彭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Technology Licensing LLC

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/50 Network services
    • H04L67/53 Network services using third party service providers
    • H04L67/56 Provisioning of proxy services
    • H04L67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Automatic upload and download of data between potentially unsecure external data generators/users and secure data management centers/repositories is provided. A data uploader module at the external data producer/user is configured to upload data to the secure data management center/repository. The data to be uploaded is transformed as needed and the transformed data is then passed to a proxy service where a data uploader is validated for uploading the data to a secure data management center/repository. At the proxy service, one or more specific locations at which the uploaded data is to be stored at the data management center/repository are determined, and the data is then passed to and stored at the determined locations. At the data management center/repository, the uploaded data is processed as needed. Data at the data management center/repository can be downloaded back to the external data generator/user through the proxy service as needed.

Description

Uploading and downloading data between a secure data system and an external data system
Technical Field
The present application relates to uploading and downloading data, and more particularly to uploading and downloading data between a secure data system and an external data system.
Background
With the advent of modern computing systems, millions of computers around the world generate vast amounts of data. In many cases, data is maintained, processed, and reported at/through large data centers where thousands of computers are networked for storing and processing data. Furthermore, online software and data management/processing systems have created the following scenario: small and large users of computing and data services must send data to one or more remote data centers, have the data processed there, and retrieve the data from them. For example, a company with thousands of computing users may utilize online software and data management provided by a remote software and data management service provider. One problem with such an arrangement is that the service provider's system must be highly secure, because each subscriber to the service must send secure data to the service provider, and each subscriber expects its data to be secure from the other subscribers. Thus, uploading and downloading data between a secure data center/repository and an external (and possibly insecure) computing system creates a security concern. There is a need for a method and system for managing the upload and download of data between external users/entities and a secure data center/repository. It is with respect to these considerations and others that the present invention has been made.
Disclosure of Invention
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter.
Aspects of the present invention solve the above and other problems by providing automated uploading and downloading of data between external data generators/users and secure data management centers/repositories. According to aspects of the invention, a data uploader module at the external data producer/user is configured to upload data to the secure data management center/repository. The data to be uploaded is transformed as needed, for example, by encrypting personally identifiable information (PII). The transformed data is then passed to a proxy service where a data uploader is validated for uploading the data to the secure data management center/repository. At the proxy service, one or more particular locations at the data management center/repository at which the uploaded data is to be stored are determined, and the data is then communicated to and stored at the one or more determined locations. At the data management center/repository, the uploaded data is processed and reports are generated (if needed).
Downloads of the processed data and/or reports back to the external data generator/user may then be scheduled if needed. A data downloader module at the proxy service may be configured to download the data back to the external producer/consumer. Where desired, the data is transformed, e.g., to decrypt the PII, and the transformed data is then downloaded to an external generator/user where it can be processed and utilized as needed.
The details of one or more embodiments are set forth in the accompanying drawings and the description below. Other features and advantages will be apparent from a reading of the following detailed description and a review of the associated drawings. It is to be understood that the following detailed description is illustrative only and is not restrictive of the invention as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate various aspects of the invention.
FIG. 1A is a simplified block diagram of one example of a system architecture for uploading data from an external data generator/user to a secure data management center/repository.
FIG. 1B is a simplified block diagram of one example of a system architecture for downloading data from a secure data management center/repository to an external data generator/user.
FIG. 2A is a simplified block diagram of one example of a data uploader module for uploading data from a source location to a destination location.
Fig. 2B is a simplified block diagram of one example of a proxy service for ensuring that data uploads to secure destination storage repositories and data read/download requests are handled by trusted sources/requestors.
FIG. 3 is a flow diagram of an example method for uploading/downloading data between a secure data management center/repository and an external data generator/user.
FIG. 4 is a block diagram illustrating example physical components of a computing device that may be used to implement aspects of the present invention.
Fig. 5A and 5B are simplified block diagrams of mobile computing devices that may be used to implement aspects of the present invention.
FIG. 6 is a simplified block diagram of a distributed computing system that can be used to implement aspects of the present invention.
Detailed Description
The following detailed description refers to the accompanying drawings. Wherever possible, the same reference numbers will be used throughout the drawings and the following description to refer to the same or like elements. While embodiments of the invention have been described, modifications, adaptations, and other implementations are possible. For example, substitutions, additions or modifications may be made to the elements illustrated in the drawings, and the methods described herein may be modified by substituting, rearranging or adding stages to the disclosed methods. The following detailed description, therefore, is not to be taken in a limiting sense, but rather the true scope of the present invention is defined by the appended claims.
As briefly described above, aspects of the present invention relate to the automatic upload and download of data between an external data generator/user and a secure data management center/repository. For purposes of illustration, in the description of the components and process steps illustrated and described with reference to fig. 1A through 6, consider, for example, that the external data generator/user is a company including hundreds or thousands of employees that generates, maintains, and distributes various types of data using hundreds or thousands of individual and networked computing systems. Consider that employees of the example company generate hundreds of word processing, spreadsheets, slide presentations, databases, and other types of documents and data sets each day.
Consider further that the example external producer/user company utilizes an online software and data management service whose provider operates a large data management center/repository for operating the online service and for receiving, maintaining, processing and reporting data under the direction of the external producer/user. It is further contemplated that, for example, an external generator/user of data communicates user data (e.g., documents, data, etc.) to a service provider on a regular and frequent basis to obtain any services that may be provided with respect to the data, such as storing, editing, collaborating with other users, processing, reporting to other users, downloading back to the originating user, and so forth.
It is further contemplated that additional types of data (e.g., system performance data, software performance data, system usage data, etc.) may be uploaded from external generators/users of data to the service provider's secure data management center/repository for storage, processing, reporting, presentation to other recipients, or back to the originating generator/user of the data, as desired.
As should be appreciated from this example data management scenario, various types of data must be uploaded from the external producer/user to the secure service provider on demand, and similarly data must be downloaded from the secure service provider back to the external producer/user. In either case, the data must be transferred between the external generator/user and the secure data management center/repository while protecting the data and systems at the secure data management center/repository from any unauthorized and/or harmful data upload or download.
FIG. 1A is a simplified block diagram of one example of a system architecture for uploading data from a source location to a destination location. System architecture 100 includes various example computing components for uploading data from various source computing systems (or individual computers) to various destination storage repositories. At the bottom of fig. 1A, data center 105 illustrates a data center operated by an external data generator/user that may need to upload various types of data to a secure data management center/repository, as described above. The data center 105 may house hundreds, thousands, or more individual computers or computing systems 110 on which data of various types may be stored and processed using a variety of different computing processes (e.g., various software applications). For example, each of the computing devices 110 may include various types of computers, such as server computers for storing user data in databases, email systems, document management systems, and so forth, and the computing system 100 may be used to run various computing system software applications, such as database applications, email system applications, web service applications, online software provisioning applications, productivity applications, data management system applications, telecommunications applications, and so forth.
As should be appreciated, the data center 105 also illustrates one of many data centers, which may be co-located or may be located in different locations and may be associated with each other via various transmission systems for communicating data between the discrete data centers. Additionally, although the data center 105 is illustrated as a data center in which multiple computer systems 110 may be located for providing data and services as described above, the data center 105 equivalently illustrates an entity such as a company, an educational facility, or a single computing device, e.g., a desktop computing device, a laptop computing device, a tablet computing device, a handheld computing device, or other computing device operated by an individual user from which user data and/or computer system data may be extracted, transformed (if needed), and exported to a destination storage repository for analysis and further use as needed.
Still referring to the data center 105, each computing device 110 is associated with an uploader module 115, which uploader module 115 is used to upload user and/or system data from each associated computer/computing system 110, and to transform (if necessary) and export the extracted data to a designated destination storage repository. The uploader module 115 is described in further detail below with respect to fig. 2A. According to one aspect of the invention, an uploader module 115 may be installed on each associated computer/computing system 110.
Alternatively, a single uploader module 115 may be used as a stand-alone module that may be associated with multiple computing systems 110. In such a case, the uploader module may function as a remote uploader module that may access one or more associated computing systems 110 over a distributed computing network (e.g., the internet or an intranet). That is, according to aspects of the invention, the uploader module 115 may be installed on the associated computing device 110, or the uploader module may remotely operate a computing device through which data may be extracted for conversion of the data, if desired, and for exporting the data to a destination storage repository, as described herein.
Still referring to fig. 1A, the edge router 120 illustrates a typical router device for delivering extracted data from a given uploader module to a system external to the data center 105. It should be appreciated that edge router 120 may be responsible for ensuring that data delivered from a given data center 105 is properly delivered to the desired destination system component, e.g., that packetized data delivered from an uploader module is properly routed to the proper destination component of system 100.
The distributed computing network 125 (shown as a dashed line in fig. 1A) illustrates any network (such as the internet or an intranet) over which data may be transferred from the data center to components outside of the data center (such as destination storage repositories 145a-c of the secure data management center/repository described below).
The edge router 135 illustrates a receiving edge router through which data may be passed to a proxy service 140 that is responsible for ensuring that the received data is properly authenticated before allowing the received data to be passed to one or more destination storage repositories 145a-c. The operation of the proxy service 140 is described in further detail below with reference to fig. 2B.
The storage repositories 145a-c illustrate any data storage repository that may be authorized to receive data uploaded via the uploader module 115. For example, the destination storage repositories 145a-c may be associated with a service provider's secure data management center/repository for receiving, storing, and analyzing data associated with computing systems and software services provided for customers of the service provider (e.g., the company operating its computing systems 110 and/or data center 105 external to the secure data management center/repository). For example, repository 145a may be designated for receiving various types of associated user data and computing system data, which may then be stored at one or more locations within data repository 145a or separate from repository 145a, and/or processed at one or more locations within data repository 145a or separate from repository 145a.
For example, the data repository 145a may serve as the master secure data repository for the secure data management center/repository that receives data uploads from external data generators/users. Access points 152, 154, and 156 represent access points at the data repository 145a through which data may be communicated out of the proxy service 140 for uploading the data to one or more specific data locations 160 or for passing the data through one or more specific data access points 158, 162 to pass the data to other data repositories 145b, 145 c.
Data repository 145b may be designated for receiving and analyzing user data and system data associated with one or more services or data types. For example, the data repository 145b illustrates a cloud services system operating at the secure data management center/repository 144 of a given service provider. Scheduler module 166 illustrates software modules or devices for scheduling data uploads and downloads to and from data repository 145b. The extractor module 168 illustrates software modules or devices for distributing data to and from components of the data repository 145b. Analysis module 170 illustrates software modules or devices for outputting and/or displaying or otherwise presenting data from storage repository 145b.
Destination storage repository 145c illustrates another component of the secure data management center/repository 144. For example, the destination storage repository 145c may take the form of a database system operating at the secure data management center/repository 144 of a given service provider. Scheduler module 166 illustrates software modules or devices for scheduling data uploads and downloads to and from data repository 145c. The extractor module 168 illustrates software modules or devices for distributing data to and from the components of the data repository 145c. The analysis module 170 illustrates software modules or devices for outputting and/or displaying or otherwise presenting data from the storage repository 145c.
As should be appreciated, the description of the various components of the secure data management center/repository 144 and the individual components 145a, 145b, 145c is for purposes of example and illustration only and does not limit the various other components or systems that may operate as part of the secure data management center/repository, to which data may be uploaded from, or from which data may be downloaded to, an external (and possibly unsecure) data generator/user. For example, various components of the secure data management center/repository 144 may provide online software and data management offerings, such as offerings of word processing services, slide presentation application services, database application services, spreadsheet application services, telecommunications application services, and so forth, that are provided to various users via one or more online software application services and data management systems.
FIG. 1B is a simplified block diagram of one example of a system architecture for downloading data from the secure data management center/repository 107 to the external data generators/users 105. The components illustrated in fig. 1B are a subset of the components illustrated in fig. 1A and are provided herein to illustrate the download of the data described above from a given storage repository of the secure data management center/repository 107 back to the external generator/user 105. As illustrated in fig. 1B and described in further detail below with reference to fig. 3, when the external producer/user 105 requests a download of data back to their system, the download of data is managed by the downloader module 115 and by the proxy service 140 in a similar manner to the upload of data from the external producer/user 105 to the secure data management center/repository 107, as illustrated and described with reference to fig. 1A.
For example, in response to processing and report generation of a set of data passed from the external generator/user 105 to the secure data management center/repository 107 as described above with reference to fig. 1A, a subsequent data download (e.g., a report regarding the processing of a set of data) may be scheduled for download back to the external generator/user. In fig. 1B, the components of cloud service system 145b are illustrated for purposes of example. As should be appreciated, any other component of the secure data management center/repository may be utilized to schedule and download data to external generators/users.
Still referring to fig. 1B, cloud service center 145b includes data upload/download scheduler module 166 as described above with reference to fig. 1A, and also includes job module 180 and data module 178. Job module 180 illustrates a software module or system for handling data upload and download jobs to/from cloud service system 145b, and data module 178 illustrates a system or module for extracting data, or loading data from/onto cloud service system 145b.
According to aspects of the invention, when a data download is requested from an external producer/user 105, the scheduler module 166 schedules the data download. At the scheduled time for the requested download, the downloader module 115 operating at the proxy service 140 reads the configuration file to obtain any information required to download the requested data, such as whether the data will be transformed in any form prior to download and whether a specific download plug-in is required to download the data to a specific component of an external generator/user. As will be described in detail below with reference to fig. 2A and 2B, since the requested data download will be communicated between the secure site and the potentially unsecure site, the downloader module will be configured to download the data to the proxy service 140, and the proxy service 140 will verify the security credentials of the data downloader to download the data from the secure location to a potentially unsecure location at the requesting external data generator/user.
After the downloaded data is passed through the proxy service 140, the data may be passed to the external producer/user system 105 for storage, processing, or other use as required by the recipient. As shown in FIG. 1B, the downloaded data may pass through an extraction module 194, the extraction module 194 being responsible for distributing the data to various components of the recipient's system, including to a data store 196. Job module 190 and job data module 192 illustrate systems, modules, or components for managing the distribution of downloaded and uploaded data to and from components of external producer/user system 105. The uploader module 188 illustrates an uploader module for uploading data from the external producer/user system 105 back to the secure data management center/repository 107 via the proxy service 140, as illustrated and described above with reference to fig. 1A.
Referring now to fig. 2A, the operation of the data uploader 115 and the data downloader 115 is illustrated and described. As briefly described above, data uploaders and data downloaders are computer-executable instructions comprising instructions sufficient for reading, transforming (if necessary), and exporting data of various data types from external data generators/users on the unsecure side to the secure data management center/repository on the secure side. Data uploaders and downloaders are also used to transfer data from the secure side back to the unsecure side. As should be appreciated, the data uploader and downloader may be the same module, designated as an uploader or a downloader only according to the direction of data movement.
The data uploader or downloader (hereinafter referred to as data loader) 115 includes an operation module 205 for receiving data upload instructions and for directing the processing of the components of the data loader module 115. The configuration file reader 210 is a module used by the data loader 115 to read the configuration file 215 to obtain data upload instructions, as described below. The data reader module 225 is used to read data of various data types via the data reader plug-in module 227. The data transformation module 230 is a module for transforming data via the data transformation plug-in 232 in response to data transformation information read from the configuration file 215. Data export module 235 is used to export data from memory to the specified destination storage repositories 145a-c via data export plug-in 237 as specified by instructions received from configuration file 215.
That is, the data reader module 225, the data transformation module 230, and the data export module 235 are modules of the data loader module 115 for reading, transforming, and exporting various types of data as specified by the information contained in the configuration file 215. Also, each of modules 225, 230, 235 may be enabled to read, transform, and export data by various plug-ins 227, 232, 237 that are accessed by the data loader operation module 205 or installed on data loader 115, allowing loader 115 to read, transform, and export data according to the various data types 220 designated for uploading to a given destination storage repository 145a-c.
Various data reader, data transformation and data export plug-in modules 227, 232, 237 may be provided to the data loader 115 or may be accessed by the data loader module 115 as needed to enable reading, transformation and export of different types of data. For example, a service provider that needs to receive transformed data from various computing devices operating at data center 105 may provide a data reader plug-in, a data transformation plug-in, and a data export plug-in for data loader module 115 to use to read, transform, and export data according to their respective needs.
As described herein, data that can be read, transformed, and exported can have an almost unlimited number of different data types. Such data may take the form of operating system events, text files, XML files, HTML files, the contents of a database (e.g., an SQL database), email files, calendar information, word processing documents, spreadsheet documents, slide presentation documents, task documents and files, and the like.
Before data is passed to a destination storage repository, the data may need to be transformed for various reasons. For example, if the data contains sensitive confidential and/or personal information associated with a given user (e.g., the user's name, social security code, driver's license number, financial data, etc.), such Personally Identifiable Information (PII) may be erased from the data by the uploader module prior to transferring the data to the destination storage repository to prevent such personally identifiable information from being transferred to unauthorized individuals or entities. Similarly, if data extracted from a given computer of a computing system at the data center 105 is stored according to a first format, but the data is to be stored at a desired destination storage repository according to a second format, the uploader module 115 may transform the data from the first format to the second format so that the data may be suitably stored and utilized at the destination storage repository.
For example, if a given destination storage repository is associated with a software application service provider, and the service provider is willing to analyze a plurality of documents generated and stored at one or more computing devices at data center 105, the service provider may require that any personally identifiable information be erased from the data before it is passed to the storage repository for analysis and review, because the service provider does not need and does not want personally identifiable information about the document, but rather, the service provider may want to analyze other characteristics, attributes, or capabilities of the document to ensure that the service provider's software application used to generate the document is operating properly.
Additionally, the document may be stored at computing system 110 according to a first format (e.g., a database format), but the destination storage repository may require the document according to a second format. Just as PII may be erased from the data, the data may be transformed in various other ways, such as from a first format to a second format, before the data is transferred to and stored in the desired destination storage repository. Thus, according to aspects of the invention, data may be extracted, transformed as needed, and exported from one or more computing devices or computing systems via an uploader module before the data is transferred to and stored in one or more destination storage repositories.
As should be appreciated, a given data loader 115 may be installed on a given computing device 110, or may be otherwise associated with a given computing device 110 or provided access to a given computing device 110, and the data loader 115 may be allowed to read many different types of data by associating a data reader plug-in 227 to allow the loader 115 to read a specified type of data. Similarly, the data loader 115 may be allowed to transform data on demand by associating the loader with the data transformation plug-ins needed for the desired transformation. Similarly, the data loader module 115 can be enabled to export data on demand by associating the loader with the appropriate data export plug-in 237.
Configuration files 215 illustrate files accessible by data loader module 115 for receiving data upload instructions to obtain a given data set or type. The data upload instructions contained in the configuration file may provide information including the data type associated with the data to be uploaded, data read instructions, and security information for allowing the loader module to access the desired data. Further, the configuration file may provide instructions on how the desired data is to be transformed (if needed) and where the uploaded data is to be stored and in what file type the exported data is to be stored. As described below, the configuration file may also provide the data loader with a specified export plug-in for causing the data loader to pass data to a specified component (such as the proxy service 140).
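The plug-in and configuration-file arrangement described above, sketched as an added Python example that is not code from the patent. The JSON layout of configuration file 215, the plug-in names, the leak check, and the sample CSV are assumptions constructed for illustration; the export step returns the envelope addressed to the proxy service instead of sending it.

```python
import csv
import io
import json
import re

# Constructed stand-in for configuration file 215 (JSON layout is an assumption).
CONFIG_215 = json.loads("""
{
  "data_type": "system_data",
  "reader_plugin": "csv",
  "transform_plugins": ["erase_pii", "to_json_lines"],
  "export_plugin": "proxy",
  "pii_fields": ["user_name", "ssn"],
  "destination": "database_system_145c"
}
""")

# Constructed sample data; the SSN-shaped values use the invalid 000 area number.
SAMPLE_CSV = (
    "host,user_name,ssn,note,cpu_pct\n"
    "srv-01,Alice Example,000-12-3456,ticket opened for 000-12-3456,41\n"
    "srv-02,Bob Example,000-98-7654,routine patch,87\n"
)

SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")


def read_csv(raw):
    """Data reader plug-in (227): parse CSV text into a list of records."""
    return list(csv.DictReader(io.StringIO(raw)))


def erase_pii(records, config):
    """Transformation plug-in: drop configured PII fields and mask
    SSN-shaped strings that leaked into the remaining free-text fields."""
    pii = set(config["pii_fields"])
    return [
        {k: SSN_RE.sub("[REDACTED]", v) for k, v in rec.items() if k not in pii}
        for rec in records
    ]


def to_json_lines(records, config):
    """Transformation plug-in: first format (CSV rows) to second (JSON lines)."""
    return "\n".join(json.dumps(rec, sort_keys=True) for rec in records)


def export_to_proxy(payload, config):
    """Export plug-in (237): address the data to the proxy service, never
    directly to a repository. Returns the envelope instead of sending it."""
    return {
        "to": "proxy_service_140",
        "data_type": config["data_type"],
        "destination": config["destination"],
        "body": payload,
    }


READERS = {"csv": read_csv}
TRANSFORMS = {"erase_pii": erase_pii, "to_json_lines": to_json_lines}
EXPORTERS = {"proxy": export_to_proxy}  # no direct-to-repository exporter exists


def find_pii_leaks(original, data, config):
    """Return PII values from the source records that survive in the output."""
    payload = data if isinstance(data, str) else json.dumps(data)
    leaks = [
        rec[name]
        for rec in original
        for name in config["pii_fields"]
        if rec.get(name) and rec[name] in payload
    ]
    return leaks + SSN_RE.findall(payload)


def run_loader(config, raw):
    """Read, transform and export as the configuration file instructs.
    Fails closed on an unknown plug-in or on PII left in the payload."""
    try:
        reader = READERS[config["reader_plugin"]]
        transforms = [TRANSFORMS[name] for name in config["transform_plugins"]]
        exporter = EXPORTERS[config["export_plugin"]]
    except KeyError as exc:
        raise ValueError(f"plug-in not associated with this loader: {exc}") from None
    original = reader(raw)
    data = original
    for transform in transforms:
        data = transform(data, config)
    leaks = find_pii_leaks(original, data, config)
    if leaks:
        raise ValueError(f"{len(leaks)} PII value(s) remain after transformation")
    return exporter(data, config)


if __name__ == "__main__":
    print(run_loader(CONFIG_215, SAMPLE_CSV)["body"])
```

Because the only registered export plug-in targets the proxy service, a configuration that names any other export path is refused before any data is read.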
Referring now to FIG. 2B, proxy service 140 is a system or software module for authenticating requests to upload data to secure destination storage repositories 145a-c and/or for authenticating data download/read requests from destination storage repositories 145a-c. Consider, for example, that data (whether user data or system data) is to be uploaded from the external data generator/user side 105 (unsecure side) to the secure storage repositories 145a-c via the loader module 115, or a request to download data or read data stored at a secure destination storage repository is received from a computing device/system 110 at the external data generator/user side 105 (unsecure side). Consider further that computing device/system 110, for example, through which data upload is requested or through which data download/read requests are received, is a computing device/system operating outside of the storage repository to which the request is passed. For example, the storage repository may be part of an internal corporate entity data storage system, and the computing system through which upload/download/read requests are received may be operated by a third party entity operating outside of a secure network or data center used to maintain the data repository. In such cases, it is possible that harmful or other undesirable data is uploaded to the secure storage repository, or that sensitive data and other information is downloaded or read from the secure storage repository by an unauthorized person or entity.
According to aspects of the invention, the proxy service 140 is a system component and/or software module for authenticating data upload or data download/read requests made to a secure destination storage location/repository to prevent unauthorized upload or access to secure data. Still referring to FIG. 2B, the proxy service 140 includes a data transfer module 250, the data transfer module 250 being a software module and/or system component for receiving a data transfer from the loader module 115 to transfer uploaded data from the computing device 110 on which the loader module 115 is installed or associated with the loader to the destination storage repositories 145a-c. The data transfer module 250 is also used to transfer the downloaded data or data response to the read request from the destination storage repository to the requesting computing device 110 via the loader 115, 130. Authentication module 255 is a device or software module for authenticating the source of a data upload/download/read request to ensure that the source is trusted to upload data to a secure store or to download or read data from a secure store.
The memory 260 illustrates memory locations housed in the proxy service 140 or accessible through the proxy service 140, where information required to authenticate upload/download/read requests may be stored. According to aspects of the present invention, an Internet Protocol (IP) address list 265 illustrates a list of IP addresses that may be used for comparison against IP addresses associated with data upload/download/read requesters. The certificate list 270 illustrates a list of authentication certificates that may be used for comparison with authentication certificates associated with data upload/download/read requestors. The transmission approval list 275 illustrates a list of approval sources from which upload/download/read requests have been previously authenticated and approved.
Having described an architecture that may be used to operate aspects of the present invention above with reference to fig. 1A through 2B, fig. 3 is a flow diagram of an example method for uploading/downloading data between a secure data management center/repository and an external data generator/user. For purposes of description, consider the example of the uploading and subsequent downloading of data from an external data generator/user to the secure data management center/repository described above. As should be appreciated, the examples described herein are just a few examples of the almost endless variety of data uploads and downloads from individual computer users or networks of hundreds or thousands of computer users operating outside of a secure data management center/repository to which data may be uploaded and from which data may be downloaded.
Referring then to fig. 3, the method 300 begins at start operation 305 and proceeds to operation 310, where data uploads from potentially unsecure external data producers/users are scheduled. As should be appreciated, data uploads may be scheduled by the scheduler module 166, 172 operating at the secure data management center/repository, or data uploads may be scheduled by a scheduler module operating at an external data generator/user. At operation 315, a request to upload data from an external data generator/user is received according to a scheduled data upload request or according to an in-flight data upload request from an external data generator/user.
At operation 320, the data loader module 115 is configured by reading the configuration file 215, as illustrated and described above with reference to fig. 1B, 2A, and 2B, the configuration file 215 being used to determine instructions and parameters for uploading the requested data. For example, as described above, the upload instructions/parameters for the data loader module may include information about the transformations that may be needed (e.g., encryption of PII in the uploaded data) and instructions about the particular data transformation plug-in module 232 and data export plug-in module 237 to be used to upload the data.
At operation 325, the data to be uploaded is transformed according to the data transformation instructions received by the data loader module. According to one transformation example, any personally identifiable information is identified and encrypted such that the PII will not be transmitted to the secure data management center/repository with the uploaded data. That is, while a data service provider operating at a secure data management center/repository may need to process uploaded data according to various processing operations, any personal information associated with the data at the secure data management center/repository may not be needed. As should be appreciated, other transformations on data may include changing data from one file type to another, or may include performing actual operations on data, such as summing data in a spreadsheet or database file, hashing information contained in a given file, and so forth.
At operation 330, the transformed data is uploaded to the proxy service 140 by the loader module 115 to verify that the loader module 115 is a valid data loader from which data may be received for uploading the data to the secure data management center/repository. As described above, data uploaded from a data loader module operating at an external generator/user can be automatically passed to the proxy service 140 because the loader module utilizes an export plug-in module instructed by the configuration file 215 that automatically passes the data to the proxy service rather than allowing the data to pass directly to a secure location.
At operation 335, the data loader module attempting to upload the data to the secure data management center/repository is validated according to credentials associated with the data loader module, as described above with reference to FIG. 2B. For example, the IP address associated with the data loader module may be compared to a list of IP addresses associated with previously specified authenticated sources. A secondary authentication step may also be performed, such as comparing the authentication credential provided by the data loader module to a list of authentication credentials associated with each data loader module previously authenticated as being valid for uploading data to a secure location. Further, any number of other authentication credentials (including encrypted keys, username/password combinations, etc.) may be utilized to verify that the data loader module is valid for uploading the desired data. At operation 340, if the data loader module is not authenticated, the method returns to operation 315, where data upload may again be requested, and the administrator may update the credentials provided with the data loader module.
At operation 345, if the data loader module is authenticated as a valid data loader module, the proxy service 140 may determine a location at the secure data management center/repository for uploading the requested data. That is, as described above with reference to fig. 1A, the proxy service 140 is used to direct one or more portions of the uploaded data to particular storage locations of the master secure data repository 145a from which the data can be subsequently passed to other repositories, such as the cloud service system 145b or database system 145c, or other components/systems operating on the secure side 107. Information needed by the proxy service 140 to direct the storage of data or components of that data at one or more locations of the secure data management center/repository may be provided from the loader module based on information read from the configuration file 215.
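Operations 335 through 345 as an added Python sketch, not code from the patent: the requester's IP address is compared against list 265, the presented certificate against list 270, and only then is a storage location chosen. The SHA-256 fingerprint lookup, the route table, and every address and certificate byte string are constructed assumptions; the sketch also assumes the certificate arrived over mutually authenticated TLS, so possession of its private key is already proven.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field


def fingerprint(cert_der):
    """SHA-256 fingerprint used as the lookup key for certificate list 270."""
    return hashlib.sha256(cert_der).hexdigest()


@dataclass
class ProxyService:
    """Stand-in for proxy service 140; the fields model memory 260."""
    ip_list: list        # IP address list 265, as CIDR networks
    cert_list: set       # certificate list 270, as SHA-256 fingerprints
    routes: dict         # data type -> storage location on the secure side
    approval_list: set = field(default_factory=set)   # approval list 275
    stored: dict = field(default_factory=dict)        # location -> bodies

    def ip_allowed(self, source_ip):
        try:
            addr = ipaddress.ip_address(source_ip)
        except ValueError:
            return False  # unparseable address: fail closed
        return any(addr in ipaddress.ip_network(net) for net in self.ip_list)

    def authenticate(self, source_ip, cert_der):
        """Operation 335: IP comparison, then the secondary certificate check.
        Both must pass; the approval list only records, it never bypasses."""
        if not self.ip_allowed(source_ip):
            return False, "ip_not_listed"
        fp = fingerprint(cert_der)
        if fp not in self.cert_list:
            return False, "certificate_not_listed"
        self.approval_list.add((source_ip, fp))
        return True, "authenticated"

    def handle_upload(self, source_ip, cert_der, data_type, body):
        """Operations 335-350: authenticate, pick a location, store."""
        ok, reason = self.authenticate(source_ip, cert_der)
        if not ok:
            return {"status": "rejected", "reason": reason, "location": None}
        location = self.routes.get(data_type)
        if location is None:  # unknown data type: do not guess a location
            return {"status": "rejected", "reason": "no_route_for_data_type",
                    "location": None}
        self.stored.setdefault(location, []).append(body)
        return {"status": "stored", "reason": reason, "location": location}


# Constructed sample values (documentation address ranges, fake cert bytes).
LOADER_CERT = b"constructed-loader-certificate-A"
UNKNOWN_CERT = b"constructed-certificate-not-on-list"


def build_demo_proxy():
    return ProxyService(
        ip_list=["192.0.2.0/24", "2001:db8::/32"],
        cert_list={fingerprint(LOADER_CERT)},
        routes={
            "user_document": "cloud_service_system_145b",
            "system_data": "database_system_145c",
        },
    )


if __name__ == "__main__":
    proxy = build_demo_proxy()
    for ip, cert, dtype in [
        ("192.0.2.10", LOADER_CERT, "system_data"),
        ("203.0.113.5", LOADER_CERT, "system_data"),
        ("192.0.2.10", UNKNOWN_CERT, "system_data"),
    ]:
        print(ip, proxy.handle_upload(ip, cert, dtype, "payload"))
```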
At operation 350, the data is stored in the desired location and at operation 355, the data is processed as needed and any desired reports are generated. For example, if the data uploaded from the external generator/user is user data, such as documents generated by one or more users at the external generator/user, such documents may be passed to the cloud service system 145b for storage and management along with other documents uploaded by the external generator/user. Alternatively, if the data uploaded from the external generator/user includes system data regarding the operation of the various computing systems at the external generator/user, such system data can be communicated to the database system 145c and stored at the database system 145c, where it can be aggregated with other system data to generate reports that can be communicated back to the external generator/user for management of their computing systems. As should be appreciated, these are just a few examples of the processing that may be performed on the uploaded data.
At operation 360, the scheduling module 166 may schedule any required data downloads from the secure data management center/repository for downloading information back to the external generator/user. For example, data such as system reports may be scheduled for periodic download to an external generator/user according to a previously configured frequency (e.g., once every 24 hours). Alternatively, data may be downloaded on an on-the-fly basis from the secure data management center/repository, such as where user documents are stored and processed by online software operating at the secure data management center/repository, and where such documents may be downloaded on-demand by individual users or administrative personnel at the external generator/user.
At operation 365, in response to the scheduled download or the requested download, the downloader module 115 is configured to download the data from the secure data management center/repository to the requesting external generator/user in a manner similar to the data being uploaded from the external generator/user to the secure data management center/repository. That is, the downloader module is configured to perform any required transformations and pass the authentication credentials to the proxy service 140 to validate itself for downloading the data out of the secure data management center/repository.
At operation 370, the downloaded data is converted as needed. For example, if the downloaded data contains encrypted Personally Identifiable Information (PII), a transformation plug-in module operated by the downloader module 115 may transform the data by decrypting the PII information such that when the data is received at an external generator/user, the previously encrypted PII information is decrypted for use by the requesting user. At operation 375, the requested data is downloaded to an external generator/user, as described above with reference to fig. 1B. The method 300 ends at operation 395.
While the invention has been described in the general context of program modules that execute in conjunction with an application program that runs on an operating system on a computer, those skilled in the art will recognize that the invention may also be implemented in combination with other program modules. Generally, program modules include routines, programs, components, data structures, and other types of structures that perform particular tasks or implement particular abstract data types.
The embodiments and functions described herein may operate via a number of computing systems, including without limitation desktop computer systems, wired and wireless computing systems, mobile computing systems (e.g., mobile phones, netbooks, tablet or slate computers, notebook computers, and laptop computers), handheld devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, and mainframe computers.
Additionally, the embodiments and functions described herein may operate on a distributed system (e.g., a cloud-based computing system), where application functions, memory, data storage and retrieval, and various processing functions may operate remotely from one another over a distributed computing network, such as the internet or an intranet. Various types of user interfaces and information may be displayed via an on-board computing device display or via a remote display unit associated with one or more computing devices. For example, various types of user interfaces and information may be displayed and interacted with on a wall surface on which the various types of user interfaces and information are projected. Interactions with the various computing systems through which embodiments of the invention may be practiced include key inputs, touch screen inputs, voice or other audio inputs, gesture inputs in which the associated computing device is equipped with detection (e.g., camera) functionality for capturing and interpreting user gestures to control functions of the computing device, and so forth.
FIGS. 4-6 and the associated description provide a discussion of various operating environments in which embodiments of the invention may be implemented. FIGS. 4-6 are for purposes of example and illustration and are not limiting of the vast number of computing device configurations that may be used to implement the embodiments of the invention described herein.
FIG. 4 is a block diagram illustrating physical components (i.e., hardware) of a computing device 400 that may be used to implement embodiments of the present invention. The computing device components described below may be applicable to the computing devices 110, 115, 145 described above. In a basic configuration, computing device 400 may include at least one processing unit 402 and system memory 404. Depending on the configuration and type of computing device, the system memory 404 may include, but is not limited to, volatile storage (e.g., random access memory), non-volatile storage (e.g., read-only memory), flash memory, or any combination of such memories. The system memory 404 may include an operating system 405 and one or more program modules 406 suitable for running the software applications 450. For example, operating system 405 may be suitable for controlling the operation of computing device 400. Further, embodiments of the invention may be practiced in conjunction with a graphics library, other operating systems, or any other application program, and are not limited to any particular application or system. This basic configuration is illustrated in fig. 4 by those components within dashed line 408. Computing device 400 may have additional features or functionality. For example, computing device 400 may also include additional data storage devices (removable and/or non-removable) such as magnetic disks, optical disks, or tape. Such additional storage is illustrated in FIG. 4 by removable storage device 409 and non-removable storage device 410.
As stated above, a number of program modules and data files may be stored in system memory 404. While executing on processing unit 402, program modules 406 may perform processes including, but not limited to, one or more of the stages of method 300 shown in fig. 3. Other program modules that may be used in accordance with embodiments of the present invention may include applications such as email and contacts applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided applications, and the like.
Furthermore, embodiments of the invention may be practiced in electrical circuits comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, circuits utilizing microprocessors or on a single chip containing electronic elements or microprocessors. Embodiments of the invention may be implemented, for example, by a system on a chip (SOC), in which each or many of the components shown in fig. 4 may be integrated onto a single integrated circuit. Such SOC devices may include one or more processing units, graphics units, communication units, system virtualization units, and various application functions, all of which are integrated (or "burned") onto a chip substrate as a single integrated circuit. When operating with an SOC, the functionality described herein with respect to providing an activity flow across multiple workloads may operate through application specific logic integrated with other components of the computing device/system 400 on a single integrated circuit (chip). Embodiments of the invention may also be practiced using other technologies capable of performing logical operations (such as, for example, AND, OR, and NOT), including but not limited to mechanical, optical, fluidic, and quantum technologies. In addition, embodiments of the invention may be practiced within a general purpose computer or in any other circuits or systems.
Computing device 400 may also have one or more input devices 412, such as a keyboard, mouse, pen, voice input device, touch input device, etc. Output device(s) 414 such as a display, speakers, printer, etc. may also be included. The foregoing devices are examples, and other devices may be used. Computing device 400 may include one or more communication connections 416 that allow communication with other computing devices 418. Examples of suitable communication connections 416 include, but are not limited to, RF transmitter, receiver, and/or transceiver circuitry, Universal Serial Bus (USB), parallel, and/or serial ports.
The term computer readable media as used herein may include computer storage media. Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, or program modules. The system memory 404, the removable storage devices 409, and the non-removable storage devices 410 are all computer storage media examples (i.e., memory storage). Computer storage media may include RAM, ROM, electrically erasable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other article of manufacture that can be used to store information and that can be accessed by computing device 400. Any such computer storage media may be part of computing device 400. Computer storage media does not include a carrier wave or other propagated or modulated data signal.
Communication media may be embodied by computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media. The term "modulated data signal" may describe a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, Radio Frequency (RF), infrared and other wireless media.
Fig. 5A and 5B illustrate a mobile computing environment 500, such as a mobile phone, a smart phone, a tablet personal computer, a laptop computer, etc., which may be used to implement embodiments of the present invention. Referring to FIG. 5A, one embodiment of a mobile computing device 500 for implementing the embodiments is illustrated. In a basic configuration, the mobile computing device 500 is a handheld computer having both input elements and output elements. The mobile computing device 500 typically includes a display 505 and one or more input buttons 510 that allow a user to enter information into the mobile computing device 500. The display 505 of the mobile computing device 500 may also be used as an input device (e.g., a touch screen display). Optional side input element 515, if included, allows for further user input. The side input element 515 may be a rotary switch, a button, or any other type of manual input element. In alternative embodiments, mobile computing device 500 may incorporate more or fewer input elements. For example, in some embodiments, the display 505 may not be a touch screen. In yet another alternative embodiment, the mobile computing device 500 is a portable telephone system, such as a cellular telephone. The mobile computing device 500 may also include an optional keypad 535. Optional keypad 535 may be a physical keypad or a "soft" keypad generated on the touch screen display. In various embodiments, the output elements include a display 505 for displaying a Graphical User Interface (GUI), a visual indicator 520 (e.g., a light emitting diode), and/or an audio transducer 525 (e.g., a speaker). In some embodiments, the mobile computing device 500 incorporates a vibration transducer for providing tactile feedback to the user. 
In yet another embodiment, the mobile computing device 500 incorporates input and/or output ports, such as an audio input (e.g., a microphone jack), an audio output (e.g., a headphone jack), and a video output (e.g., an HDMI port) for sending signals or receiving signals from external devices.
Figure 5B is a block diagram illustrating the architecture of one embodiment of a mobile computing device. That is, the mobile computing device 500 may incorporate a system (i.e., architecture) 502 to implement certain embodiments. In one embodiment, system 502 is implemented as a "smartphone" capable of running one or more applications (e.g., browser, email, calendar, contact manager, messaging client, games, and media client/player). In some embodiments, system 502 is integrated as a computing device, such as an integrated Personal Digital Assistant (PDA) and wireless phone.
One or more application programs 550 may be loaded into memory 562 and run on or in association with an operating system 564. Examples of application programs include telephone dialer programs, electronic communication programs, Personal Information Management (PIM) programs, word processing programs, spreadsheet programs, internet browser programs, messaging programs, and so forth. The system 502 also includes a non-volatile storage area 568 within the memory 562. The non-volatile storage area 568 may be used to store persistent information that is not lost if the system 502 is powered down. The application programs 550 can use and store information in the non-volatile storage area 568, such as e-mail or other messages used by an e-mail application. A synchronization application (not shown) also resides on the system 502 and is programmed to interact with a corresponding synchronization application resident on the host computer to keep the information stored in the non-volatile storage area 568 synchronized with the corresponding information stored at the host computer. As should be appreciated, other applications may also be loaded into the memory 562 and run on the mobile computing device 500.
The system 502 has a power supply 570 that may be implemented as one or more batteries. The power supply 570 may further include an external power source, such as an AC adapter or power dock (powered docking cradle) that supplements or recharges the batteries.
The system 502 may also include a radio 572 that performs the function of transmitting and receiving radio frequency communications. The radio 572 facilitates wireless connectivity between the system 502 and the "outside world," via a communications carrier or service provider. Transmissions to and from the radio 572 are conducted under control of the operating system 564. In other words, communications received by the radio 572 may be disseminated to the application programs 550 via the operating system 564, and vice versa.
The visual indicator 520 may be used to provide a visual notification and/or the audio interface 574 may be used to produce an audible notification through the audio transducer 525. In the illustrated embodiment, the visual indicator 520 is a Light Emitting Diode (LED) and the audio transducer 525 is a speaker. These devices may be directly coupled to the power supply 570 so that they remain on for the duration stated by the notification mechanism when activated, even though the processor 560 and other components may be turned off to conserve battery power. The LED may be programmed to remain on indefinitely until the user takes action to indicate the on status of the device. The audio interface 574 is used to provide audible signals to and receive audible signals from the user. For example, in addition to being coupled to the audio transducer 525, the audio interface 574 may also be coupled to a microphone to receive audible input, such as to facilitate a telephone conversation. In accordance with embodiments of the present invention, the microphone may also be used as an audio sensor to facilitate control of notifications, as will be described below. The system 502 may further include a video interface 576 that allows operation of an on-board camera 530 to record still images, video streams, and the like.
The mobile computing device 500 implementing the system 502 may have additional features or functionality. For example, the mobile computing device 500 may also include additional data storage devices (removable and/or non-removable) such as magnetic disks, optical disks, or tape. Such additional storage is illustrated in FIG. 5B by non-volatile storage 568.
The data/information generated or captured by the mobile computing device 500 and stored via the system 502 may be stored locally on the mobile computing device 500 as described above, or the data may be stored on any number of storage media that are accessible by the device via the radio 572 or via a wired connection between the mobile computing device 500 and a separate computing device associated with the mobile computing device 500, such as a server computer in a distributed computing network, such as the internet. As should be appreciated, such data/information may be accessed via the mobile computing device 500, via the radio 572, or via a distributed computing network. Similarly, such data/information may be readily transferred between computing devices for storage and use in accordance with well-known data/information transfer and storage arrangements, including e-mail and collaborative data/information sharing systems.
FIG. 6 illustrates one embodiment of an architecture for a system that provides the functionality described herein across the components of a distributed computing environment. Content developed, interacted with, or edited in association with the above-described applications may be stored in different communication channels or other storage types. For example, various documents may be stored using directory services 622, web portals 624, mailbox services 626, instant messaging stores 628, or social networking sites 630. As described herein, an application 620 (e.g., an electronic communication application) may use any of these types of systems for providing the functionality described herein across multiple workloads. The server 615 may provide this functionality to the clients 605A-C and 110. As one example, server 615 may be a web server that provides the application functionality described herein over the web. A server 615 may provide application functionality over the web to clients 605A-C and 110 through networks 125, 610. By way of example, the computing device 110 may be implemented and embodied in a personal computer 605A, a tablet computing device 605B, and/or a mobile computing device 605C (e.g., a smartphone), or other computing device. Any of these embodiments of the client computing device may obtain the content from storage 616.
For example, embodiments of the present invention are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the invention. The functions/acts noted in the block diagrams may occur out of the order noted in any of the flowcharts. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
The description and illustration of one or more embodiments provided herein is not intended to limit or define the scope of the invention as claimed in any way. The embodiments, examples, and details provided in this application are deemed sufficient to convey possession and enable others to make and use the best mode of the claimed invention. The claimed invention should not be construed as limited to any one embodiment, example, or detail provided in this application. Whether shown and described in combination or separately, each (structure and method) feature is intended to be selectively included or omitted to produce an embodiment having a particular set of features. Having provided a description and illustration of the present application, those skilled in the art may devise variations, modifications, and alternative embodiments that fall within the spirit of the broader aspects of the general inventive concepts embodied in the present application without departing from the broader scope of the claimed invention.

Claims (20)

1. A computer-implemented method for uploading and/or downloading data between a secure data management center/repository and an external data generator/user, comprising:
receiving a request to upload data from the external data generator/user to the secure data management center/repository;
configuring a data uploader module at the external data generator/user for uploading the requested data;
transforming the requested data from a first state to a second state required by the secure data management center/repository;
uploading the requested and transformed data to a proxy service to validate the data uploader module for uploading data to the secure data management center/repository; and
storing the uploaded data at one or more desired storage locations of the secure data management center/repository.
2. The computer-implemented method of claim 1, wherein the uploading of the requested data to the secure data management center/repository is scheduled prior to receiving a request to upload data from the external data generator/user to the secure data management center/repository.
3. The computer-implemented method of claim 1, wherein transforming the requested data from the first state to a second state required by the secure data management center/repository comprises encrypting Personally Identifiable Information (PII) included in the requested data.
4. The computer-implemented method of claim 1, wherein uploading the requested and transformed data to a proxy service to authenticate the data uploader module comprises uploading the data to the proxy service through an export plug-in module operated by the data uploader module, which results in uploading of data from the uploader module for passage through the proxy service for authentication.
5. The computer-implemented method of claim 1, wherein the one or more locations at the secure data management center/repository that will be used to store the uploaded data are determined at the proxy service prior to storing the uploaded data at the one or more desired storage locations at the secure data management center/repository.
6. The computer-implemented method of claim 1, further comprising processing data stored at one or more locations at the secure data management center/repository and generating any required reports on the processed data.
7. The computer-implemented method of claim 1, further comprising receiving a request to download data from the secure data management center/repository to the external data generator/user.
8. The computer-implemented method of claim 7, wherein a data download for downloading the requested data from the secure data management center/repository to the external data generator/user is scheduled prior to receiving the request to download data.
9. The computer-implemented method of claim 7, further comprising configuring, via the proxy service, a data downloader module for downloading the requested download data from the secure data management center/repository to the external data generator/user.
10. The computer-implemented method of claim 9, further comprising downloading the requested download data to the external data generator/user.
11. The computer-implemented method of claim 10, wherein the requested download data is transformed from a first state stored at the secure data management center/repository to a second state required by the external data generator/user prior to downloading the requested download data to the external data generator/user.
12. The computer-implemented method of claim 11, wherein transforming the requested download data from a first state stored at the secure data management center/repository to a second state requested by the external data generator/user comprises decrypting any encrypted PII contained in the download data.
13. A system for communicating data between an unsecure computing system and a secure computing system, the system comprising:
one or more processors;
memory storing one or more modules executable by the one or more processors, the one or more modules comprising:
a data uploader module, the data uploader module to:
receive a request to upload data from the unsecure computing system to the secure computing system;
read a configuration file to obtain instructions for uploading the data from the unsecure computing system to the secure computing system;
transform the requested data from the first state to a second state required by the secure computing system;
upload the transformed data to a proxy service to validate the data uploader module for uploading data to the secure computing system; and
a proxy service to store the uploaded data at one or more desired storage locations of the secure computing system.
14. The system of claim 13, wherein the data uploader module is further to upload the transformed data to the proxy service, to validate the data uploader module for uploading data to the secure computing system, through an export plug-in module by which data is automatically passed to the proxy service.
15. The system of claim 13, further comprising a scheduler module to:
schedule an upload of data from the unsecure computing system to the secure computing system; and
schedule a download of data from the secure computing system to the unsecure computing system.
16. The system of claim 13, wherein the proxy service is further to verify the data uploader module by comparing the received credentials for the data uploader module with credentials associated with a previously authenticated data uploader module.
17. A computer-readable medium having computer-executable instructions which, when executed by a computer, perform a method for uploading and/or downloading data between a secure data center and an external data center, the method comprising:
receiving a request to upload data from the external data center to the secure data center;
configuring a data uploader module at the external data center for uploading the requested data;
transforming the requested data from a first state to a second state required by the secure data center;
uploading the transformed data to a proxy service to validate the data uploader module for uploading data to the secure data center;
processing the uploaded data at one or more desired storage locations of the secure data center;
receiving a request to download the processed uploaded data from the secure data center to the external data center; and
downloading the processed uploaded data to the external data center via the proxy service.
18. The computer-readable medium of claim 17, wherein the one or more locations at the secure data center for processing the uploaded data are determined at the proxy service prior to processing the uploaded data at the one or more desired storage locations of the secure data center.
19. The computer-readable medium of claim 17, wherein transforming the requested data from the first state to a second state required by the secure data center comprises encrypting Personally Identifiable Information (PII) included in the requested data.
20. The computer-readable medium of claim 19, wherein the processed uploaded data is transformed from a first state stored at the secure data center to a second state required by the external data center prior to downloading the processed requested data to the external data center via the proxy service.
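The proxy-service behaviour recited in claims 5 and 16, as an added Python sketch that is not code from the patent: the proxy compares the credentials an uploader presents with those recorded when that uploader was previously authenticated, then determines the storage location itself before anything is written to the secure repository. The class and method names, the salted PBKDF2 digest, and the routing table keyed by data type are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class ProxyService:
    """Hypothetical proxy between external uploaders and the secure repository."""

    def __init__(self):
        self._registered = {}  # uploader id -> (salt, credential digest)
        self._routes = {}      # data type -> storage location (assumed policy)
        self.repository = {}   # storage location -> list of stored payloads

    @staticmethod
    def _digest(salt, credential):
        return hashlib.pbkdf2_hmac("sha256", credential, salt, 100_000)

    def register_uploader(self, uploader_id, credential):
        # Record of a previously authenticated uploader: keep a digest only.
        salt = secrets.token_bytes(16)
        self._registered[uploader_id] = (salt, self._digest(salt, credential))

    def add_route(self, data_type, location):
        self._routes[data_type] = location

    def _validate(self, uploader_id, credential):
        known = uploader_id in self._registered
        # Unknown ids get a dummy record so they cost the same work as known ones.
        salt, expected = self._registered.get(uploader_id, (b"\0" * 16, b"\0" * 32))
        presented = self._digest(salt, credential)
        # Constant-time comparison of presented and recorded credentials.
        return hmac.compare_digest(presented, expected) and known

    def upload(self, uploader_id, credential, data_type, payload):
        if not self._validate(uploader_id, credential):
            raise PermissionError("uploader not validated")
        # The location is chosen at the proxy, never supplied by the uploader.
        location = self._routes.get(data_type)
        if location is None:
            raise ValueError("no storage location for this data type")
        self.repository.setdefault(location, []).append(payload)
        return location
```

The payload is treated as opaque, already-transformed bytes; the PII encryption of claim 3 would happen in the uploader before `upload` is called.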
CN201580056592.1A 2015-03-02 2015-03-02 Uploading and downloading data between a secure data system and an external data system Active CN107210992B (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2015/073486 WO2016138613A1 (en) 2015-03-02 2015-03-02 Uploading and downloading data between secure data systems and external data systems

Publications (2)

Publication Number Publication Date
CN107210992A CN107210992A (en) 2017-09-26
CN107210992B CN107210992B (en) 2020-03-31

Family

ID=56849167

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201580056592.1A Active CN107210992B (en) 2015-03-02 2015-03-02 Uploading and downloading data between a secure data system and an external data system

Country Status (2)

Country Link
CN (1) CN107210992B (en)
WO (1) WO2016138613A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
SG10201708937QA (en) * 2017-10-31 2019-05-30 Mastercard International Inc Validation devices, servers, validation methods, and file modification methods

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103595789A (en) * 2013-11-14 2014-02-19 国家电网公司 Wireless safe electric file sharing device based on WIFI

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB0224632D0 (en) * 2002-10-23 2002-12-04 Ibm Secure transmission using adaptive transformation and plural channels
US7196622B2 (en) * 2003-04-09 2007-03-27 Savi Technology, Inc. State monitoring of a container
CN102761521B (en) * 2011-04-26 2016-08-31 上海格尔软件股份有限公司 Cloud security storage and sharing service platform
CN102316105B (en) * 2011-09-06 2014-07-16 宇龙计算机通信科技(深圳)有限公司 Method for raising data security and apparatus thereof

Also Published As

Publication number Publication date
WO2016138613A1 (en) 2016-09-09
CN107210992A (en) 2017-09-26

Similar Documents

Publication Publication Date Title
EP3271857B1 (en) Tenant lockbox
US10084789B2 (en) Peer to peer enterprise file sharing
US9430211B2 (en) System and method for sharing information in a private ecosystem
US20180062852A1 (en) Systems and methods for secure collaboration with precision access management
US20180054438A1 (en) Proxy service for uploading data from a source to a destination
CN109691057B (en) Interchangeably retrieving sensitive content via a private content distribution network
US9674156B2 (en) Event-triggered release through third party of pre-encrypted digital data from data owner to data assignee
US10635828B2 (en) Tokenized links with granular permissions
US20210092127A1 (en) Writing role-backed access control to chain
US20170371625A1 (en) Content delivery method
US10630722B2 (en) System and method for sharing information in a private ecosystem
US11456872B2 (en) Offline protection of secrets
CN109565518A (en) Interchangeable content retrieval
US9584508B2 (en) Peer to peer enterprise file sharing
US9571288B2 (en) Peer to peer enterprise file sharing
US20180219674A1 (en) Successive cryptographic techniques
US9843563B2 (en) Securing relayed email communication
CN107210992B (en) Uploading and downloading data between a secure data system and an external data system
CN107077490B (en) Data query job submission management
WO2016091210A1 (en) Content delivery method
EP3557469B1 (en) System, method and computer program for secure data exchange
CN114861200A (en) Data processing method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant