WO2016138613A1 - Uploading and downloading data between secure data systems and external data systems - Google Patents


Info

Publication number
WO2016138613A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
secure
repository
uploading
external
Application number
PCT/CN2015/073486
Other languages
French (fr)
Inventor
Haitao Liu
Shun Luo
Lue CHEN
Kuang LUO
Xiong PENG
Shiliang Li
Bin Hu
Chunyi Huang
Hsin Hui Huang
Shuangjian WANG
Bei LU
Fang Wei
Hai-yun HE
Yunquan Peng
Original Assignee
Microsoft Technology Licensing, Llc
Application filed by Microsoft Technology Licensing, LLC
Priority to PCT/CN2015/073486 (WO2016138613A1)
Priority to CN201580056592.1A (CN107210992B)
Publication of WO2016138613A1

Classifications

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION > H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols > H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L 67/01 Protocols > H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/50 Network services > H04L 67/53 Network services using third party service providers
    • H04L 67/50 Network services > H04L 67/56 Provisioning of proxy services
    • H04L 67/50 Network services > H04L 67/60 Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources

Definitions

  • a data uploader module at an external data generator/user is configured to upload data to a secure data management center/repository.
  • Data to be uploaded is transformed as required, for example, by encryption of personally identifiable information (PII).
  • the transformed data is then passed to a proxy service where the data uploader is validated for uploading data to the secure data management center/repository.
  • PII: personally identifiable information.
  • At the proxy service, one or more specific locations at which the uploaded data is to be stored at the data management center/repository are determined, and the data is then passed to and stored at the one or more determined locations.
  • the uploaded data is processed and reports are generated, if required.
  • a data downloader module at the proxy service may be configured for downloading the data back to the external generator/user. If required, the data is transformed, for example, decrypting PII, and the transformed data is then downloaded to the external generator/user where it may be processed and utilized as desired.
  • Fig. 1A is a simplified block diagram of one example of a system architecture for uploading data from an external data generator/user to a secure data management center/repository.
  • Fig. 1B is a simplified block diagram of one example of a system architecture for downloading data from a secure data management center/repository to an external data generator/user.
  • Fig. 2A is a simplified block diagram of one example of a data uploader module for uploading data from a source location to a destination location.
  • Fig. 2B is a simplified block diagram of one example of a proxy service for ensuring that data uploads to a secure destination storage repository and data read/download requests are processed from trustworthy sources/requesters.
  • Fig. 3 is a flow chart of an example method for uploading/downloading data between a secure data management center/repository and an external data generator/user.
  • Fig. 4 is a block diagram illustrating example physical components of a computing device with which aspects of the present invention may be practiced.
  • Figs. 5A and 5B are simplified block diagrams of a mobile computing device with which aspects of the present invention may be practiced.
  • Fig. 6 is a simplified block diagram of a distributed computing system in which aspects of the present invention may be practiced.
  • aspects of the present invention are directed to automated uploading and downloading of data between an external data generator/user and a secure data management center/repository.
  • an external data generator/user is a company comprised of hundreds or thousands of employees using hundreds or thousands of individual and networked computing systems for generating, maintaining and distributing data of various types.
  • employees generate hundreds of word processing, spreadsheet, slide presentation, database, and other types of documents and data sets on a daily basis.
  • the external generator/user company utilizes online software and data management services of a computing software and data management services system that operates a large data management center/repository at which online services are operated and at which data is received, maintained, processed and reported-on at the direction of the external generator/user.
  • the external generator/user of data passes user data (for example, documents, data, etc. ) to the services provider for any services that may be provided with respect to the data, for example, storage, editing, collaboration with other users, processing, export to other users, download back to originating users, and the like.
  • data of various types must be uploaded from the external generator/user to the secure services provider, and similarly, data must be downloaded from the secure services provider back to the external generator/user, as required. In either case, data must be transferred between the external generator/user and the secure data management center/repository while maintaining the security of the data and systems at the secure data management center/repository from any unauthorized and/or harmful data upload or download.
  • Fig. 1A is a simplified block diagram of one example of a system architecture for uploading data from a source location to a destination location.
  • the system architecture 100 is comprised of various example computing components for uploading data from a variety of source computing systems (or individual computers) to a variety of destination storage repositories.
  • a data center 105 is illustrative of a data center operated by an external data generator/user that may need to upload data of various types to secure data management center/repository as described above.
  • the data center 105 may house hundreds, thousands or more individual computers or computing systems 110 on which may be stored data of a variety of data types that may be processed using a variety of different computing processes, for example, a variety of software applications.
  • each of the computing devices 110 may include computers of various types, for example, server computers, for storing user data in databases, electronic mail systems, document management systems, and the like, and the computing systems 110 may be used for running a variety of computing system software applications, for example, database applications, electronic mail systems applications, web services applications, online software provision applications, productivity applications, data management system applications, telecommunications applications, and the like.
  • the data center 105 is also illustrative of one of many data centers that may be co-located, or that may be located at different locations and that may be associated with each other via various transmission systems for passing data between disparate data centers.
  • While the data center 105 is illustrated as a data center in which numerous computer systems 110 may be located for provision of data and services, as described above, the data center 105 is equally illustrative of an entity such as a company, educational facility or a single computing device, for example, a desktop, laptop, tablet, handheld, or other computing device operated by an individual user from which user data and/or computer system data may be extracted, transformed (if required) and exported to a destination storage repository for analysis and further use, as desired.
  • each computing device 110 is associated with an uploader module 115 that is operative for uploading user and/or system data from each associated computer/computing system 110 and for transforming, if required, and exporting the extracted data to a designated destination storage repository.
  • the uploader module 115 is described in further detail below with respect to Fig. 2A.
  • an uploader module 115 may be installed on each associated computer/computing system 110.
  • a single uploader module 115 may be operated as a standalone module that may be associated with a plurality of computing systems 110.
  • the uploader module may operate as a remote uploader module that may access one or more associated computing systems 110 through a distributed computing network, for example, the Internet or an intranet. That is, according to aspects of the invention, the uploader module 115 may be installed on an associated computing device 110, or the uploader module may operate remotely of a computing device from which data may be extracted for transformation of the data, if required, and for exporting the data to a destination storage repository, as described herein.
  • an edge router 120 is illustrative of a typical router device for passing extracted data from a given uploader module to systems external to the data center 105.
  • the edge router 120 may be responsible for ensuring that data passed from a given data center 105 is properly passed to a desired destination system component, for example, that packetized data passing from the uploader module is properly routed to a correct destination component of the system 100.
  • the distributed computing network 125 (illustrated in Fig. 1A as a dotted line) is illustrative of any network such as the Internet or an intranet through which data may be passed from the data center to components external to the data center such as destination storage repositories 145a-c of the secure data management center/repository, described below.
  • the edge router 135 is illustrative of a receiving edge router through which data may be passed to a proxy service 140 responsible for ensuring received data is properly authenticated prior to allowing received data to be passed to one or more destination storage repositories 145a-c. Operation of the proxy service 140 is described in further detail below with reference to Fig. 2B.
  • the storage repositories 145a-c are illustrative of any data storage repository that may be authorized to receive data uploaded via the uploader modules 115.
  • the destination storage repositories 145a-c may be associated with a secure data management center/repository of a services provider for receiving, storing and analyzing data associated with computing systems and software services provided for customers of the services provider, for example, a company operating its computing systems 110 and/or data center 105 external to the secure data management center/repository.
  • the storage repository 145a may be designated for receiving user data and computing system data of various types that may then be stored at and/or processed at one or more locations within the data repository 145a or at one or more locations separate from the repository 145a.
  • the data repository 145a may serve as a primary secure data repository of a secure data management center/repository that receives data uploads from external data generators/users.
  • Access points 152, 154 and 156 represent access points at the data repository 145a through which data may be passed from the proxy service 140 for uploading data to one or more specific data locations 160, or for passing data through one or more specific data access points 158, 162 for passing the data to other data repositories 145b, 145c.
  • the data repository 145b may be designated for receiving and analyzing user data and systems data associated with one or more services or data types.
  • the data repository 145b is illustrative of a cloud services system operated at the secure data management center/repository 144 of a given services provider.
  • a scheduler module 166 is illustrative of a software module or device operative for scheduling data uploads and downloads to and from the data repository 145b.
  • a pumper module 168 is illustrative of a software module or device operative for distributing data to and from components of the data repository 145b.
  • An analytics module 170 is illustrative of a software module or device operative for outputting and/or displaying or otherwise presenting data from the storage repository 145b.
  • the destination storage repository 145c is illustrative of another component of the secure data management center/repository 144.
  • the destination storage repository 145c may be in the form of a database system operated at the secure data management center/repository 144 of a given services provider.
  • a scheduler module 166 is illustrative of a software module or device operative for scheduling data uploads and downloads to and from the data repository 145c.
  • a pumper module 168 is illustrative of a software module or device operative for distributing data to and from components of the data repository 145c.
  • An analytics module 170 is illustrative of a software module or device operative for outputting and/or displaying or otherwise presenting data from the storage repository 145c.
  • components of the secure data management center/repository 144 and the individual components 145a, 145b, 145c are for purposes of example and illustration only and are not limiting of various other components or systems that may be operated as part of the secure data management center/repository to which data may be uploaded or from which data may be downloaded from/to an external (and potentially unsecure) data generator/user.
  • components of the secure data management center/repository 144 may provide for online software and data management provision, for example, provision of word processing services, slide presentation application services, database application services, spreadsheet application services, telecommunications application services, and the like provided to various users via one or more online software application services and data management systems.
  • Fig. 1B is a simplified block diagram of one example of a system architecture for downloading data from a secure data management center/repository 107 to an external data generator/user 105.
  • the components illustrated in Fig. 1B are a subset of components illustrated in Fig. 1A and are provided here for illustrating the downloading of data from a given storage repository of the secure data management center/repository 107 back to the external generator/user 105, described above.
  • Fig. 1B and as described in further detail below with reference to Fig.
  • a subsequent download of data for example, a report on the processing of a set of data, may be scheduled for download back to the external generator/user.
  • In Fig. 1B, components of the cloud services system 145b are illustrated for purposes of example. As should be appreciated, any of the other components of the secure data management center/repository may be utilized for scheduling and downloading data to the external generator/user.
  • the cloud services center 145b includes the data upload/download scheduler module 166, as described above with reference to Fig. 1A, and also includes a jobs module 180 and a data module 178.
  • the jobs module 180 is illustrative of a software module or system operative for processing data upload and download jobs to/from the cloud services system 145b.
  • the data module 178 is illustrative of a system or module operative for extracting or loading data from/onto the cloud services system 145b.
  • the data download is scheduled by the scheduler module 166.
  • a downloader module 115 operated at the proxy service 140 reads a configuration file for any information required for downloading the requested data, for example, whether the data is to be transformed in any manner prior to download and whether a particular download plug-in may be needed for downloading the data to a particular component of the external generator/user.
  • the downloader module will be configured for downloading the data to the proxy service 140 which will validate the data downloader’s security credentials for downloading the data from the secure location to the potentially unsecure location at the requesting external data generator/user.
  • the data may be passed to the external generator/user system 105 for storage, processing, or other use as required by the receiving party.
  • the downloaded data may pass through a pumper module 194 that is responsible for distributing the data to various components of the receiving party’s systems including to a data store 196.
  • a jobs module 190 and a jobs data module 192 are illustrative of systems, modules or components for managing the distribution of downloaded and uploaded data to and from various components of the external generator/user system 105.
  • the uploader module 188 is illustrative of an uploader module operative for uploading data from the external generator/user system 105 through the proxy service 140 and back to the systems of the secure data management center/repository 107, as illustrated and described above with reference to Fig. 1A.
  • the data uploader and data downloader are software applications or software modules containing sufficient computer executable instructions for reading, transforming (if required) and exporting data of a variety of data types from the external data generator/user on the unsecure side to the secure data management center/repository on the secure side.
  • the data uploaders and downloaders are also operative to pass data from the secure side back to the unsecure side.
  • the data uploader and downloader may be identical modules and are only designated as uploader versus downloader based on the direction of the data movement.
  • the data uploader or downloader (hereafter referred to as data loader) 115 includes an operation module 205 for receiving data upload instructions and for directing the processing of components of the data loader module 115.
  • a configuration file reader 210 is a module with which the data loader 115 reads a configuration file 215 for data uploading instructions, as described below.
  • a data reader module 225 is operative to read data of a variety of data types via a data reader plug-in module 227.
  • a data transformation module 230 is a module operative for transforming data in response to data transformation information read from the configuration file 215 via a data transformation plug-in 232.
  • a data export module 235 is operative to export data from memory to a designated destination storage repository 145a-c as designated by instructions received from the configuration file 215 via the data export plug-in 237.
  • the data reader module 225, data transformation module 230 and data export module 235 are modules of the data loader module 115 operative to read, transform and export data of a variety of types as designated by information contained in the configuration file 215. Each of the modules 225, 230, 235 may be enabled to read, transform and export data as instructed based on a variety of plug-ins 227, 232, 237 accessed by the data loader operation module 205 or installed on the data loader 115 to allow the loader 115 to read, transform and export data according to a variety of data types 220 that are designated for uploading to a given destination storage repository 145a-c.
  • Various data reader, data transformation and data export plug-in modules 227, 232, 237 may be provided to the data loaders 115 or may be accessed by the data loader modules 115 as required for different types of data reading, transformation and export.
  • a services provider which needs to receive transformed data from various computing devices operated at a data center 105 may provide data reader plug-ins, data transformation plug-ins, and data export plug-ins for use by data loader modules 115 for reading, transforming and exporting data according to their individual needs.
  • Data that may be read, transformed, and exported, as described herein, may be of an almost limitless number of different data types.
  • Such data may be in the form of operating system events, text files, XML files, HTML files, contents of databases (e.g., SQL databases), electronic mail files, calendaring information, word processing documents, spreadsheet documents, slide presentation documents, tasks documents and files, and the like.
  • Before the data is passed to the destination storage repository, the data may require transformation for a variety of reasons. For example, if the data contains sensitive confidential and/or personal information associated with a given user, for example, the user’s name, social security number, driver’s license number, financial data, and the like, such personally identifiable information (PII) may be scrubbed from the data by the uploader module before the data is passed to the destination storage repository to prevent such personally identifiable information from being passed to an unauthorized person or entity.
  • the uploader module 115 may transform the data from the first format to the second format so that it may be properly stored and utilized at the destination storage repository.
  • the services provider may require that any personally identifiable information be scrubbed from the data before it is passed to the storage repository for analysis and review because the services provider does not need nor want personally identifiable information about the document, but instead, the services provider may want to analyze other characteristics, attributes or properties of the document to ensure that the services provider’s software applications with which the document was produced are operating properly.
  • the document may be stored at the computing system 110 according to a first format, for example, a database format, but the destination storage repository may need the document according to a second format.
  • the data may be scrubbed of PII
  • the data may be transformed in a variety of other ways, such as from the first format to the second format, before it is passed to and stored at the desired destination storage repository.
  • data may be extracted, transformed as required and exported from one or many computing devices or computing systems via an uploader module before it is passed to and stored at one or many destination storage repositories.
  • a given data loader 115 may be installed on a given computing device 110 or may be otherwise associated with or provided access to a given computing device 110, and the data loader 115 may be enabled for reading data of many different types by associating a data reader plug-in 227 to allow the loader 115 to read data of a designated type. Similarly, the data loader 115 may be enabled to transform data as desired by associating the loader with a data transformation plug-in required for the desired transformation. Similarly, the data loader module 115 may be enabled to export data as desired by associating the loader with an appropriate data export plug-in 237.
  • the configuration file 215 is illustrative of a file that may be accessed by the data loader module 115 for receiving data uploading instructions for a given set or type of data.
  • Data uploading instructions contained in the configuration file may provide information including the data types associated with data to be uploaded, data reading instructions, as well as, security information for allowing the loader module to access desired data.
  • the configuration file may provide instructions on how desired data is to be transformed, if required, and instructions on where uploaded data is to be stored and in what file type exported data is to be stored.
  • the configuration file may also provide the data loader with a specified export plug-in for causing the data loader to pass data to a specified component such as the proxy service 140.
  • the proxy service 140 is a system or software module operative to authenticate requests for uploading data to a secure destination storage repository 145a-c and/or for authenticating data download/read requests from a secure destination storage repository 145a-c.
  • Data, whether user data or system data, is to be uploaded from a computing device/system 110 of the external data generator/user side 105 (unsecure side) via a loader module 115 to a secure storage repository 145a-c, or a request to download data or read data stored at a secure destination storage repository is received from a computing device/system 110 at the external data generator/user side 105 (unsecure side).
  • the computing device/system 110 from which the data upload is requested or from which the data download/read request is received is a computing device/system that operates external to the storage repository to which the request is passed.
  • the storage repository may be part of an internal corporate entity data storage system and the computing device from which the upload/download/read request is received may be operated by a third party entity operating outside a secure network or data center in which the storage repository is maintained.
  • Because the requester operates outside the secure network, it may be possible for harmful or other undesired data to be uploaded to the secure storage repository, or it may be possible for sensitive data and other information to be downloaded or read from the secure storage repository by unauthorized persons or entities.
  • the proxy service 140 is a system component and/or software module operative for authenticating data upload or data download/read requests made to secure destination storage locations/repositories to prevent unauthorized uploading or access to secure data.
  • the proxy service 140 includes a data transmission module 250, which is a software module and/or system component operative to receive data transmissions from a loader module 115 for passing uploaded data from a computing device 110 onto which the loader module 115 is installed, or with which the loader is associated, to a destination storage repository 145a-c.
  • the data transmission module 250 is also operative to pass downloaded data or data responsive to read requests from the destination storage repository to a requesting computing device 110 via the loader 115, 130.
  • the authentication module 255 is a device or software module operative to authenticate the source of a data upload/download/read request to ensure that the source is trustworthy for either uploading data to a secure repository or for downloading or reading data from a secure repository.
  • the memory 260 is illustrative of a memory location housed either in the proxy service 140 or accessible by the proxy service 140 in which may be stored information required for authenticating upload/download/read requests.
  • the Internet protocol (IP) address list 265 is illustrative of a list of IP addresses that may be used for comparing against an IP address associated with a data upload/download/read requester.
  • the certificate list 270 is illustrative of a list of authentication certificates that may be used to compare with an authentication certificate associated with a data upload/download/read requester.
  • a transmission approved list 275 is illustrative of a list of approved sources from which upload/download/read requests previously have been authenticated and approved.
  • Fig. 3 is a flow chart of an example method for uploading/downloading data between a secure data management center/repository and an external data generator/user.
  • For purposes of description, consider the above described example of an upload and subsequent download of data from an external generator/user of data to a secure data management center/repository.
  • the examples described herein are only a few examples of an almost infinite variety of data uploads and downloads from an individual computer user or a network of hundreds or thousands of computer users operating external to a secure data management center/repository to which data may be uploaded and from which data may be downloaded, as required.
  • the method 300 begins at start operation 305 and proceeds to operation 310 where a data upload from a potentially unsecure external generator/user of data is scheduled.
  • the data upload may be scheduled by a scheduler module 166, 172 operated at the secure data management center/repository, or the data upload may be scheduled by a scheduler module operated at the external generator/user of data.
  • a request to upload data from the external data generator/user is received in accordance with a scheduled data upload request or in accordance with an on-the-fly data upload request from the external data generator/user.
  • a data loader module 115 is configured by reading the configuration file 215 for determining instructions and parameters for uploading the requested data.
  • uploading instructions/parameters for the data loader module may include information as to transformations that may be required, for example, encryption of PII from the uploaded data, as well as instructions as to particular data transform plug-in modules 232 and data export plug-in modules 237 that are to be used for uploading the data.
  • the data to be uploaded is transformed.
  • any personally identifiable information is identified and is encrypted so that the PII will not be transmitted to the secure data management center/repository with the uploaded data. That is, while the data services provider operating at the secure data management center/repository may need to process the uploaded data according to a variety of processing operations, there may be no need for any personal information associated with the data at the secure data management center/repository.
  • other transformation of the data may include changing the data from one file type to another file type or may include performance of actual operations on the data, for example, summing data in a spreadsheet or database file, hashing information contained in a given file, and the like.
  • the transformed data is uploaded by the loader module 115 to the proxy service 140 for validation of the loader module 115 as a valid data loader from which data may be received for uploading the data to the secure data management center/repository.
  • the data uploaded from the data loader module operated at the external generator/user may be automatically passed to the proxy service 140 because the loader module utilizes an export plug-in module 237, as instructed by the configuration file 215, that passes the data to the proxy service rather than allowing the data to pass directly to the secure location.
  • the data loader module attempting to upload the data to the secure data management center/repository is validated according to credentials associated with the data loader module, as described above with reference to Fig. 2B. For example, an IP address associated with the data loader module may be compared against a list of IP addresses associated with previously designated authenticated sources.
  • a secondary authentication step may also be performed, for example, comparing an authentication certificate provided by the data loader module with a list of authentication certificates associated with data loader modules previously authenticated as valid for uploading data to the secure location.
  • any number of other authentication credentials, including encrypted keys, user name/password combinations, and the like, may be utilized for validating the data loader module as valid for uploading the desired data.
  • if the data loader module cannot be validated, the method proceeds back to operation 315 where the data upload may be requested again, and where administrative personnel may update the credentials provided with the data loader module.
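The validation sequence just described (the IP address list 265, the certificate list 270 as a secondary check, and the transmission approved list 275 as a record of sources already approved), as an added example in Go. This is not code from the patent or from Microsoft; it assumes that the certificate comparison is done by pinning the SHA-256 fingerprint of the loader's client certificate, that the approved list is a cache with a time-to-live, and that the proxy sees the requester's source address as a string. NewTestCert mints a self-signed certificate purely as constructed test input standing in for a real loader certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	"net/netip"
	"time"
)

// Proxy holds the three lists the proxy service checks a loader against:
// the IP allowlist (list 265), pinned certificate fingerprints (list 270,
// pinning is an assumption) and the transmission approved cache (list 275).
type Proxy struct {
	allowedNets []netip.Prefix
	pinnedCerts map[string]bool      // hex SHA-256 of the certificate DER
	approved    map[string]time.Time // "ip|fingerprint" -> time of approval
	approvalTTL time.Duration
}

func NewProxy(cidrs, fingerprints []string, ttl time.Duration) (*Proxy, error) {
	p := &Proxy{pinnedCerts: map[string]bool{}, approved: map[string]time.Time{}, approvalTTL: ttl}
	for _, c := range cidrs {
		pfx, err := netip.ParsePrefix(c)
		if err != nil {
			return nil, fmt.Errorf("bad CIDR %q: %w", c, err)
		}
		p.allowedNets = append(p.allowedNets, pfx)
	}
	for _, f := range fingerprints {
		p.pinnedCerts[f] = true
	}
	return p, nil
}

// Fingerprint is the hex SHA-256 of the certificate's DER encoding.
func Fingerprint(cert *x509.Certificate) string {
	sum := sha256.Sum256(cert.Raw)
	return hex.EncodeToString(sum[:])
}

// Validate runs the primary (IP) and secondary (certificate) checks. A nil
// result means the loader may upload; an error sends the request back to
// the "request again / update credentials" step.
func (p *Proxy) Validate(sourceIP string, cert *x509.Certificate, now time.Time) error {
	addr, err := netip.ParseAddr(sourceIP)
	if err != nil {
		return fmt.Errorf("unparseable source address %q", sourceIP)
	}
	if cert == nil {
		return errors.New("no client certificate presented")
	}
	fp := Fingerprint(cert)
	key := addr.String() + "|" + fp
	// Approved-list short-circuit: only inside the TTL, and never past the
	// certificate's own expiry, so a cached approval cannot outlive the credential.
	if t, ok := p.approved[key]; ok && now.Sub(t) < p.approvalTTL && !now.After(cert.NotAfter) {
		return nil
	}
	inNet := false
	for _, pfx := range p.allowedNets {
		if pfx.Contains(addr) {
			inNet = true
			break
		}
	}
	if !inNet {
		return fmt.Errorf("source %s not in IP address list", addr)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return errors.New("client certificate outside its validity period")
	}
	if !p.pinnedCerts[fp] {
		return fmt.Errorf("certificate %s (CN=%s) not in certificate list", fp[:16], cert.Subject.CommonName)
	}
	p.approved[key] = now
	return nil
}

// ApprovedCount is the number of entries on the transmission approved list.
func (p *Proxy) ApprovedCount() int { return len(p.approved) }

// NewTestCert builds a self-signed ECDSA client certificate: constructed test
// input only, standing in for a loader's real certificate.
func NewTestCert(cn string, now time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    now.Add(-time.Hour),
		NotAfter:     now.Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

func main() {
	now := time.Now()
	loaderCert, _ := NewTestCert("loader-115", now)
	p, _ := NewProxy([]string{"203.0.113.0/24"}, []string{Fingerprint(loaderCert)}, time.Hour)
	fmt.Println(p.Validate("203.0.113.10", loaderCert, now))
	fmt.Println(p.Validate("198.51.100.7", loaderCert, now))
}
```

The IP check is only the first gate: source addresses are trivially spoofed or shared behind NAT, so the certificate comparison is what actually identifies the loader, and the approved-list cache is bounded both by its own TTL and by the certificate's expiry so that a revoked or expired credential does not keep riding on an old approval.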
  • the proxy service 140 may determine locations at the secure data management center/repository for uploading the requested data. That is, as described above with reference to Fig. 1A, the proxy service 140 is operative to direct one or more portions of the uploaded data to specific storage locations at the primary secure data repository 145a from which the data may then be passed to other repositories, for example, the cloud services system 145b or the database system 145c, or other components/systems operating on the secure side 107. Information required by the proxy service 140 for directing the storage of data or components of the data at one or more locations at the secure data management center/repository may be provided from the loader module based on information read from the configuration file 215.
  • the data is stored at required locations, and at operation 355, the data is processed as required and any required reports are generated.
  • where the data uploaded from the external generator/user is user data, for example, documents generated by one or more users at the external generator/user, such documents may be passed to the cloud services system 145b for storage and management along with other documents uploaded by the external generator/user.
  • where the data uploaded from the external generator/user includes systems data concerning the operation of computing systems at the external generator/user, such systems data may be passed to and stored at the database system 145c where it may be summarized with other systems data for generating a report that may be passed back to the external generator/user for management of its computing systems.
  • these are but a couple of examples of the processes that may be performed on uploaded data.
  • any required data downloads from the secure data management center/repository may be scheduled by the scheduling modules 166 for downloading information back to the external generator/user.
  • data such as systems reports, may be scheduled for periodic download to the external generator/user according to a previously configured frequency, for example, once every 24 hours.
  • data may be downloaded from the secure data management center/repository on an on-the-fly basis, for example, where user documents are stored and processed by online software systems operated at the secure data management center/repository, and where such documents may be downloaded by individual users or administrative personnel at the external generator/user on an as needed basis.
  • the downloader module 115, in response to a scheduled download or a requested download, is configured for downloading the data from the secure data management center/repository to the requesting external generator/user in a similar manner as data is uploaded from the external generator/user to the secure data management center/repository. That is, the downloader module is configured to perform any required transformations and to pass authentication credentials to the proxy service 140 for validating itself for downloading the data out of the secure data management center/repository.
  • the downloaded data is transformed, as required.
  • a transformation plug-in module operated by the downloader module 115 may transform the data by decrypting the PII information so that when the data is received at the external generator/user, the previously encrypted PII information is decrypted for use by the requesting user.
  • the requested data is downloaded to the external generator/user as described above with reference to Fig. 1B. The method 300 ends at operation 395.
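The two transformation steps of the method, encrypting PII before the data leaves the external generator/user and decrypting it again in the downloader so that the requesting user sees it in the clear, as one added Go example. This is not code from the patent or from Microsoft; it assumes a record is a flat map of string fields, that the configuration file 215 names which fields are PII, and that the cipher is AES-256-GCM with a key that is held only at the external side and is never uploaded. The sample record and the test key are constructed; the Digest function covers the "hashing information contained in a file" transformation mentioned above.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Record is one row of the data set a loader module uploads (constructed format).
type Record map[string]string

// Transformer is the PII encrypt/decrypt plug-in. The key stays at the
// external generator/user; the secure center can process the other columns
// but cannot recover the PII ones.
type Transformer struct {
	aead      cipher.AEAD
	piiFields []string // field names read from the configuration file (assumed)
}

func NewTransformer(key []byte, piiFields []string) (*Transformer, error) {
	block, err := aes.NewCipher(key) // key must be 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &Transformer{aead: aead, piiFields: piiFields}, nil
}

// EncryptPII replaces each configured PII field with "enc:" + base64(nonce || ciphertext || tag).
// The field name is bound in as associated data, so a ciphertext moved to another
// column fails authentication on download instead of decrypting silently.
func (t *Transformer) EncryptPII(r Record) (Record, error) {
	out := make(Record, len(r))
	for k, v := range r {
		out[k] = v
	}
	for _, f := range t.piiFields {
		v, ok := r[f]
		if !ok {
			continue
		}
		nonce := make([]byte, t.aead.NonceSize())
		if _, err := rand.Read(nonce); err != nil {
			return nil, err
		}
		ct := t.aead.Seal(nonce, nonce, []byte(v), []byte(f))
		out[f] = "enc:" + base64.StdEncoding.EncodeToString(ct)
	}
	return out, nil
}

// DecryptPII reverses EncryptPII at the downloader; a tampered or mis-filed value is an error.
func (t *Transformer) DecryptPII(r Record) (Record, error) {
	out := make(Record, len(r))
	for k, v := range r {
		out[k] = v
	}
	for _, f := range t.piiFields {
		v, ok := r[f]
		if !ok || len(v) < 4 || v[:4] != "enc:" {
			continue
		}
		raw, err := base64.StdEncoding.DecodeString(v[4:])
		if err != nil {
			return nil, err
		}
		ns := t.aead.NonceSize()
		if len(raw) < ns+t.aead.Overhead() {
			return nil, errors.New("ciphertext too short")
		}
		pt, err := t.aead.Open(nil, raw[:ns], raw[ns:], []byte(f))
		if err != nil {
			return nil, fmt.Errorf("field %q: %w", f, err)
		}
		out[f] = string(pt)
	}
	return out, nil
}

// Digest is the hashing transformation: SHA-256 over the canonical JSON of a
// record (json.Marshal sorts map keys), so the receiving side can verify what was sent.
func Digest(r Record) (string, error) {
	b, err := json.Marshal(r)
	if err != nil {
		return "", err
	}
	sum := sha256.Sum256(b)
	return hex.EncodeToString(sum[:]), nil
}

func main() {
	key := make([]byte, 32)
	rand.Read(key) // in practice loaded from the loader's key store, never uploaded
	tr, _ := NewTransformer(key, []string{"employee_email", "employee_name"})
	rec := Record{"employee_name": "Ada Lovelace", "employee_email": "ada@example.com", "cpu_hours": "17.5"}
	up, _ := tr.EncryptPII(rec)
	fmt.Println(up["cpu_hours"], up["employee_email"][:4]) // non-PII in clear, PII prefixed "enc:"
	down, _ := tr.DecryptPII(up)
	fmt.Println(down["employee_email"])
}
```

Because each value gets a fresh random nonce, the secure center cannot group or join records on an encrypted PII column; if the processing at the center needs that (for example, per-user summaries in a systems report), the loader would have to emit a keyed pseudonym such as an HMAC of the field alongside or instead of the ciphertext, which is a different trade-off from the reversible encryption shown here.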
  • program modules include routines, programs, components, data structures, and other types of structures that perform particular tasks or implement particular abstract data types.
  • the embodiments and functionalities described herein may operate via a multitude of computing systems including, without limitation, desktop computer systems, wired and wireless computing systems, mobile computing systems (e.g., mobile telephones, netbooks, tablet or slate type computers, notebook computers, and laptop computers), hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, and mainframe computers.
  • embodiments and functionalities described herein may operate over distributed systems (e.g., cloud-based computing systems) , where application functionality, memory, data storage and retrieval and various processing functions may be operated remotely from each other over a distributed computing network, such as the Internet or an intranet.
  • User interfaces and information of various types may be displayed via on-board computing device displays or via remote display units associated with one or more computing devices. For example user interfaces and information of various types may be displayed and interacted with on a wall surface onto which user interfaces and information of various types are projected.
  • Interaction with the multitude of computing systems with which embodiments of the invention may be practiced include, keystroke entry, touch screen entry, voice or other audio entry, gesture entry where an associated computing device is equipped with detection (e.g., camera) functionality for capturing and interpreting user gestures for controlling the functionality of the computing device, and the like.
  • Figures 4-6 and the associated descriptions provide a discussion of a variety of operating environments in which embodiments of the invention may be practiced.
  • the devices and systems illustrated and discussed with respect to Figures 4-6 are for purposes of example and illustration and are not limiting of a vast number of computing device configurations that may be utilized for practicing embodiments of the invention, described herein.
  • FIG. 4 is a block diagram illustrating physical components (i.e., hardware) of a computing device 400 with which embodiments of the invention may be practiced.
  • the computing device components described below may be suitable for the computing devices 110, 115, 145, described above.
  • the computing device 400 may include at least one processing unit 402 and a system memory 404.
  • the system memory 404 may comprise, but is not limited to, volatile storage (e.g., random access memory) , non-volatile storage (e.g., read-only memory) , flash memory, or any combination of such memories.
  • the system memory 404 may include an operating system 405 and one or more program modules 406 suitable for running software applications 450.
  • the operating system 405 may be suitable for controlling the operation of the computing device 400.
  • embodiments of the invention may be practiced in conjunction with a graphics library, other operating systems, or any other application program and is not limited to any particular application or system.
  • This basic configuration is illustrated in Figure 4 by those components within a dashed line 408.
  • the computing device 400 may have additional features or functionality.
  • the computing device 400 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape.
  • additional storage is illustrated in Figure 4 by a removable storage device 409 and a non-removable storage device 410.
  • program modules 406 may perform processes including, but not limited to, one or more of the stages of the method 300 illustrated in Figure 3.
  • Other program modules that may be used in accordance with embodiments of the present invention and may include applications such as electronic mail and contacts applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided application programs, etc.
  • embodiments of the invention may be practiced in an electrical circuit comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors.
  • embodiments of the invention may be practiced via a system-on-a-chip (SOC) where each or many of the components illustrated in Figure 4 may be integrated onto a single integrated circuit.
  • Such an SOC device may include one or more processing units, graphics units, communications units, system virtualization units and various application functionality all of which are integrated (or “burned” ) onto the chip substrate as a single integrated circuit.
  • the functionality described herein with respect to uploading and downloading data between external and secure data systems may be operated via application-specific logic integrated with other components of the computing device 400 on the single integrated circuit (chip).
  • Embodiments of the invention may also be practiced using other technologies capable of performing logical operations such as, for example, AND, OR, and NOT, including but not limited to mechanical, optical, fluidic, and quantum technologies.
  • embodiments of the invention may be practiced within a general purpose computer or in any other circuits or systems.
  • the computing device 400 may also have one or more input device (s) 412 such as a keyboard, a mouse, a pen, a sound input device, a touch input device, etc.
  • the output device (s) 414 such as a display, speakers, a printer, etc. may also be included.
  • the aforementioned devices are examples and others may be used.
  • the computing device 400 may include one or more communication connections 416 allowing communications with other computing devices 418. Examples of suitable communication connections 416 include, but are not limited to, RF transmitter, receiver, and/or transceiver circuitry; universal serial bus (USB) , parallel, and/or serial ports.
  • Computer readable media may include computer storage media.
  • Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, or program modules.
  • the system memory 404, the removable storage device 409, and the non-removable storage device 410 are all computer storage media examples (i.e., memory storage).
  • Computer storage media may include RAM, ROM, electrically erasable read-only memory (EEPROM) , flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other article of manufacture which can be used to store information and which can be accessed by the computing device 400. Any such computer storage media may be part of the computing device 400. Computer storage media does not include a carrier wave or other propagated or modulated data signal.
  • Communication media may be embodied by computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media.
  • modulated data signal may describe a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal.
  • communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF) , infrared, and other wireless media.
  • FIGS 5A and 5B illustrate a mobile computing device 500, for example, a mobile telephone, a smart phone, a tablet personal computer, a laptop computer, and the like, with which embodiments of the invention may be practiced.
  • a mobile computing device 500 for implementing the embodiments is illustrated.
  • the mobile computing device 500 is a handheld computer having both input elements and output elements.
  • the mobile computing device 500 typically includes a display 505 and one or more input buttons 510 that allow the user to enter information into the mobile computing device 500.
  • the display 505 of the mobile computing device 500 may also function as an input device (e.g., a touch screen display) . If included, an optional side input element 515 allows further user input.
  • the side input element 515 may be a rotary switch, a button, or any other type of manual input element.
  • mobile computing device 500 may incorporate more or less input elements.
  • the display 505 may not be a touch screen in some embodiments.
  • the mobile computing device 500 is a portable phone system, such as a cellular phone.
  • the mobile computing device 500 may also include an optional keypad 535.
  • Optional keypad 535 may be a physical keypad or a “soft” keypad generated on the touch screen display.
  • the output elements include the display 505 for showing a graphical user interface (GUI) , a visual indicator 520 (e.g., a light emitting diode) , and/or an audio transducer 525 (e.g., a speaker) .
  • the mobile computing device 500 incorporates a vibration transducer for providing the user with tactile feedback.
  • the mobile computing device 500 incorporates input and/or output ports, such as an audio input (e.g., a microphone jack), an audio output (e.g., a headphone jack), and a video output (e.g., an HDMI port) for sending signals to or receiving signals from an external device.
  • FIG. 5B is a block diagram illustrating the architecture of one embodiment of a mobile computing device. That is, the mobile computing device 500 can incorporate a system (i.e., an architecture) 502 to implement some embodiments.
  • the system 502 is implemented as a “smart phone” capable of running one or more applications (e.g., browser, e-mail, calendaring, contact managers, messaging clients, games, and media clients/players) .
  • the system 502 is integrated as a computing device, such as an integrated personal digital assistant (PDA) and wireless phone.
  • One or more application programs 550 may be loaded into the memory 562 and run on or in association with the operating system 564. Examples of the application programs include phone dialer programs, electronic communication applications, personal information management (PIM) programs, word processing programs, spreadsheet programs, Internet browser programs, messaging programs, and so forth.
  • the system 502 also includes a non-volatile storage area 568 within the memory 562. The non-volatile storage area 568 may be used to store persistent information that should not be lost if the system 502 is powered down.
  • the application programs 550 may use and store information in the non-volatile storage area 568, such as e-mail or other messages used by an e-mail application, and the like.
  • a synchronization application (not shown) also resides on the system 502 and is programmed to interact with a corresponding synchronization application resident on a host computer to keep the information stored in the non-volatile storage area 568 synchronized with corresponding information stored at the host computer.
  • other applications may be loaded into the memory 562 and run on the mobile computing device 500.
  • the system 502 has a power supply 570, which may be implemented as one or more batteries.
  • the power supply 570 might further include an external power source, such as an AC adapter or a powered docking cradle that supplements or recharges the batteries.
  • the system 502 may also include a radio 572 that performs the function of transmitting and receiving radio frequency communications.
  • the radio 572 facilitates wireless connectivity between the system 502 and the “outside world,” via a communications carrier or service provider. Transmissions to and from the radio 572 are conducted under control of the operating system 564. In other words, communications received by the radio 572 may be disseminated to the application programs 550 via the operating system 564, and vice versa.
  • the visual indicator 520 may be used to provide visual notifications and/or an audio interface 574 may be used for producing audible notifications via the audio transducer 525.
  • the visual indicator 520 is a light emitting diode (LED) and the audio transducer 525 is a speaker.
  • the LED may be programmed to remain on indefinitely until the user takes action to indicate the powered-on status of the device.
  • the audio interface 574 is used to provide audible signals to and receive audible signals from the user.
  • the audio interface 574 may also be coupled to a microphone to receive audible input, such as to facilitate a telephone conversation.
  • the microphone may also serve as an audio sensor to facilitate control of notifications, as will be described below.
  • the system 502 may further include a video interface 576 that enables an operation of an on-board camera 530 to record still images, video stream, and the like.
  • a mobile computing device 500 implementing the system 502 may have additional features or functionality.
  • the mobile computing device 500 may also include additional data storage devices (removable and/or non-removable) such as, magnetic disks, optical disks, or tape.
  • additional storage is illustrated in Figure 5B by the non-volatile storage area 568.
  • Data/information generated or captured by the mobile computing device 500 and stored via the system 502 may be stored locally on the mobile computing device 500, as described above, or the data may be stored on any number of storage media that may be accessed by the device via the radio 572 or via a wired connection between the mobile computing device 500 and a separate computing device associated with the mobile computing device 500, for example, a server computer in a distributed computing network, such as the Internet.
  • data/information may be accessed via the mobile computing device 500 via the radio 572 or via a distributed computing network.
  • data/information may be readily transferred between computing devices for storage and use according to well-known data/information transfer and storage means, including electronic mail and collaborative data/information sharing systems.
  • Figure 6 illustrates one embodiment of the architecture of a system for providing the functionality described herein across components of a distributed computing environment.
  • Content developed, interacted with, or edited in association with the applications described above may be stored in different communication channels or other storage types.
  • various documents may be stored using a directory service 622, a web portal 624, a mailbox service 626, an instant messaging store 628, or a social networking site 630.
  • a server 615 may provide the functionality to clients 605A-C and 110.
  • the server 615 may be a web server providing the application functionality described herein over the web.
  • the server 615 may provide the application functionality over the web to clients 605A-C and 110 through a network 125, 610.
  • the computing device 110 may be implemented and embodied in a personal computer 605A, a tablet computing device 605B and/or a mobile computing device 605C (e.g., a smart phone), or other computing device. Any of these embodiments of the client computing device may obtain content from the store 616.
  • Embodiments of the present invention are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the invention.
  • the functions/acts noted in the blocks may occur out of the order as shown in any flowchart.
  • two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

Automated uploading and downloading of data between a potentially unsecure external data generator/user and a secure data management center/repository is provided. A data uploader module at an external data generator/user is configured to upload data to a secure data management center/repository. Data to be uploaded is transformed, as required, and the transformed data is then passed to a proxy service where the data uploader is validated for uploading data to the secure data management center/repository. At the proxy service, one or more specific locations to which the uploaded data is to be stored at the data management center/repository are determined, and the data is then passed to and is stored at the determined locations. At the data management center/repository, the uploaded data is processed as required. Data at the data management center/repository may be downloaded back to the external data generator/user through the proxy service as needed.

Description

UPLOADING AND DOWNLOADING DATA BETWEEN SECURE DATA SYSTEMS AND EXTERNAL DATA SYSTEMS
BACKGROUND
With the advent of modern computing systems, massive amounts of data are generated by millions of computers around the world. In many cases, data is maintained, processed and reported at/from large data centers in which thousands of computers are networked for storing and processing data. In addition, online software and data management/processing systems now create a situation where small and very large users alike of computing and data services must send data to, have data processed at, and extract data from one or more remote data centers. For example, a company with thousands of computing users may utilize online software and data management of a remote software and data management services provider. One problem with such an arrangement is that the services provider’s systems must be highly secured because each of the various subscribers to their services must send secure data to the services provider, and each subscriber expects their data to be secure from other subscribers. Thus, uploading and downloading data to/from a secure data center/repository from an external (and potentially unsecure) computing system creates security concerns. There is a need for methods and systems for managing the uploading and downloading of data between external users/entities and secure data centers/repositories. It is with respect to these and other considerations that the present invention has been made.
SUMMARY
This summary is provided to introduce a selection of concepts in a simplified form that are further described below in the detailed description. This summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended as an aid in determining the scope of the claimed subject matter.
Aspects of the present invention solve the above and other problems by providing automated uploading and downloading of data between an external data generator/user and a secure data management center/repository. According to aspects of the invention, a data uploader module at an external data generator/user is configured to upload data to a secure data management center/repository. Data to be uploaded is transformed, as required, for example, encryption of personally identifiable information (PII). The transformed data is then passed to a proxy service where the data uploader is validated for uploading data to the secure data management center/repository. At the proxy service, one or more specific locations to which the uploaded data is to be stored at the data management center/repository are determined, and the data is then passed to and is stored at the one or more determined locations. At the data management center/repository, the uploaded data is processed and reports are generated, if required.
Download of processed data and/or reports back to the external data generator/user may then be scheduled, if desired. A data downloader module at the proxy service may be configured for downloading the data back to the external generator/user. If required, the data is transformed, for example, decrypting PII, and the transformed data is then downloaded to the external generator/user where it may be processed and utilized as desired.
The details of one or more embodiments are set forth in the accompanying drawings and description below. Other features and advantages will be apparent from a reading of the following detailed description and a review of the associated drawings. It is to be understood that the following detailed description is explanatory only and is not restrictive of the invention as claimed.
BRIEF DESCRIPTION OF THE DRAWINGS
The accompanying drawings, which are incorporated in and constitute a part of this disclosure, illustrate various aspects of the present invention.
Fig. 1A is a simplified block diagram of one example of a system architecture for uploading data from an external data generator/user to a secure data management center/repository.
Fig. 1B is a simplified block diagram of one example of a system architecture for downloading data from a secure data management center/repository to an external data generator/user.
Fig. 2A is a simplified block diagram of one example of a data uploader module for uploading data from a source location to a destination location.
Fig. 2B is a simplified block diagram of one example of a proxy service for ensuring that data uploads to a secure destination storage repository and data read/download requests are processed from trustworthy sources/requesters.
Fig. 3 is a flow chart of an example method for uploading/downloading data between a secure data management center/repository and an external data generator/user.
Fig. 4 is a block diagram illustrating example physical components of a computing device with which aspects of the present invention may be practiced.
Figs. 5A and 5B are simplified block diagrams of a mobile computing device with which aspects of the present invention may be practiced.
Fig. 6 is a simplified block diagram of a distributed computing system in which aspects of the present invention may be practiced.
DETAILED DESCRIPTION
The following detailed description refers to the accompanying drawings. Wherever possible, the same reference numbers are used in the drawings and the following description to refer to the same or similar elements. While embodiments of the invention may be described, modifications, adaptations, and other implementations are possible. For example, substitutions, additions, or modifications may be made to the elements illustrated in the drawings, and the methods described herein may be modified by substituting, reordering, or adding stages to the disclosed methods. Accordingly, the following detailed description does not limit the invention, but instead, the proper scope of the invention is defined by the appended claims.
As briefly described above, aspects of the present invention are directed to automated uploading and downloading of data between an external data generator/user and a secure data management center/repository. For purposes of illustration in the description of the various components and processing steps illustrated and described with reference to Figs. 1A through 6, consider, for example, that an external data generator/user is a company comprised of hundreds or thousands of employees using hundreds or thousands of individual and networked computing systems for generating, maintaining and distributing data of various types. Consider that the example company’s employees generate hundreds of word processing, spreadsheet, slide presentation, database, and other types of documents and data sets on a daily basis.
Consider further for example, that the external generator/user company utilizes online software and data management services of a computing software and data management services system that operates a large data management center/repository at which online services are operated and at which data is received, maintained, processed and reported on at the direction of the external generator/user. Consider further for example that on a regular and frequent basis, the external generator/user of data passes user data (for example, documents, data, etc.) to the services provider for any services that may be provided with respect to the data, for example, storage, editing, collaboration with other users, processing, export to other users, download back to originating users, and the like.
Consider further that additional types of data, for example, systems performance data, software performance data, systems use data, and the like may be uploaded from the external generator/user of data to the services provider at the secure data management center/repository for storage, processing, reporting on, exporting to other recipients or back to the originating generator/user of the data, as required.
As should be appreciated from this example data management scenario, data of various types must be uploaded from the external generator/user to the secure services provider, and similarly, data must be downloaded from the secure services provider back to the external generator/user, as required. In either case, data must be transferred between the external generator/user and the secure data management center/repository while maintaining the security of the data and systems at the secure data management center/repository from any unauthorized and/or harmful data upload or download.
Fig. 1A is a simplified block diagram of one example of a system architecture for uploading data from a source location to a destination location. The system architecture 100 is comprised of various example computing components for uploading data from a variety of source computing systems (or individual computers) to a variety of destination storage repositories. At the bottom of Fig. 1A, a data center 105 is illustrative of a data center operated by an external data generator/user that may need to upload data of various types to a secure data management center/repository as described above. The data center 105 may house hundreds, thousands or more individual computers or computing systems 110 on which may be stored data of a variety of data types that may be processed using a variety of different computing processes, for example, a variety of software applications. For example, each of the computing devices 110 may include computers of various types, for example, server computers, for storing user data in databases, electronic mail systems, document management systems, and the like, and the computing systems 110 may be used for running a variety of computing system software applications, for example, database applications, electronic mail systems applications, web services applications, online software provision applications, productivity applications, data management system applications, telecommunications applications, and the like.
As should be appreciated, the data center 105 is also illustrative of one of many data centers that may be co-located, or that may be located at different locations and that may be associated with each other via various transmission systems for passing data between disparate data centers. In addition, while the data center 105 is illustrated as a data center in which numerous computer systems 110 may be located for provision of data and services, as described above, the data center 105 is equally illustrative of an entity such as a company, educational facility or a single computing device, for example, a desktop, laptop, tablet, handheld, or other computing device operated by an individual user from which user data and/or computer system data may be extracted, transformed (if required) and exported to a destination storage repository for analysis and further use, as desired.
Referring still to the data center 105, each computing device 110 is associated with an uploader module 115 that is operative for uploading user and/or system data from each associated computer/computing system 110 and for transforming, if required, and exporting the extracted data to a designated destination storage repository. The uploader module 115 is described in further detail below with respect to Fig. 2A. According to one aspect of the invention, an uploader module 115 may be installed on each associated computer/computing system 110.
Alternatively, a single uploader module 115 may be operated as a standalone module that may be associated with a plurality of computing systems 110. In such a case, the uploader module may operate as a remote uploader module that may access one or more associated computing systems 110 through a distributed computing network, for example, the Internet or an intranet. That is, according to aspects of the invention, the uploader module 115 may be installed on an associated computing device 110, or the uploader module may operate remotely of a computing device from which data may be extracted for transformation of the data, if required, and for exporting the data to a destination storage repository, as described herein.
Referring still to Fig. 1A, an edge router 120 is illustrative of a typical router device for passing extracted data from a given uploader module to systems external to the data center 105. As should be appreciated, the edge router 120 may be responsible for ensuring that data passed from a given data center 105 is properly passed to a desired destination system component, for example, that packetized data passing from the uploader module is properly routed to a correct destination component of the system 100.
The distributed computing network 125 (illustrated in Fig. 1A as a dotted line) is illustrative of any network such as the Internet or an intranet through which data may be passed from the data center to components external to the data center such as destination storage repositories 145a-c of the secure data management center/repository, described below. 
The edge router 135 is illustrative of a receiving edge router through which data may be passed to a proxy service 140 responsible for ensuring received data is properly authenticated prior to allowing received data to be passed to one or more destination storage repositories 145a-c. Operation of the proxy service 140 is described in further detail below with reference to Fig. 2B.
The storage repositories 145a-c are illustrative of any data storage repository that may be authorized to receive data uploaded via the uploader modules 115. For example, the destination storage repositories 145a-c may be associated with a secure data management center/repository of a services provider for receiving, storing and analyzing data associated with computing systems and software services provided for customers of the services provider, for example, a company operating its computing systems 110 and/or data center 105 external to the secure data management center/repository. For example, the storage repository 145a may be designated for receiving user data and computing system data of various types that may then be stored at and/or processed at one or more locations within the data repository 145a or at one or more locations separate from the repository 145a.
For example, the data repository 145a may serve as a primary secure data repository of a secure data management center/repository that receives data uploads from external data generators/users. Access points 152, 154 and 156 represent access points at the data repository 145a through which data may be passed from the proxy service 140 for uploading data to one or more specific data locations 160, or for passing data through one or more specific data access points 158, 162 for passing the data to other data repositories 145b, 145c.
The data repository 145b may be designated for receiving and analyzing user data and systems data associated with one or more services or data types. For example, the data repository 145b is illustrative of a cloud services system operated at the secure data management center/repository 144 of a given services provider. A scheduler module 166 is illustrative of a software module or device operative for scheduling data uploads and downloads to and from the data repository 145b. A pumper module 168 is illustrative of a software module or device operative for distributing data to and from components of the data repository 145b. An analytics module 170 is illustrative of a software module or device operative for outputting and/or displaying or otherwise presenting data from the storage repository 145b.
The destination storage repository 145c is illustrative of another component of the secure data management center/repository 144. For example, the destination storage repository 145c may be in the form of a database system operated at the secure data management center/repository 144 of a given services provider. A scheduler module 166 is illustrative of a software module or device operative for scheduling data uploads and downloads to and from the data repository 145c. A pumper module 168 is illustrative of a software module or device operative for distributing data to and from components of the data repository 145c. An analytics module 170 is illustrative of a software module or device operative for outputting and/or displaying or otherwise presenting data from the storage repository 145c.
As should be appreciated, the descriptions of the components of the secure data management center/repository 144 and the individual components 145a, 145b, 145c are for purposes of example and illustration only and are not limiting of various other components or systems that may be operated as part of the secure data management center/repository to which data may be uploaded or from which data may be downloaded from/to an external (and potentially unsecure) data generator/user. For example, components of the secure data management center/repository 144 may provide for online software and data management provision, for example, provision of word processing services, slide presentation application services, database application services, spreadsheet application services, telecommunications application services, and the like provided to various users via one or more online software application services and data management systems.
Fig. 1B is a simplified block diagram of one example of a system architecture for downloading data from a secure data management center/repository 107 to an external data generator/user 105. The components illustrated in Fig. 1B are a subset of components illustrated in Fig. 1A and are provided here for illustrating the downloading of data from a given storage repository of the secure data management center/repository 107 back to the external generator/user 105, described above. As illustrated in Fig. 1B, and as described in further detail below with reference to Fig. 3, when an external generator/user 105 requires a download of data back to its systems, the download of data is managed by a downloader module 115 and by the proxy service 140 in a similar manner as the upload of data from the external generator/user 105 to the secure data management center/repository 107, as illustrated and described with reference to Fig. 1A.
For example, in response to processing and report generation on a set of data passed from the external generator/user 105 to the secure data management center/repository 107, as described above with reference to Fig. 1A, a subsequent download of data, for example, a report on the processing of a set of data, may be scheduled for download back to the external generator/user. In Fig. 1B, components of the cloud services system 145b are illustrated for purposes of example. As should be appreciated, any of the other components of the secure data management center/repository may be utilized for scheduling and downloading data to the external generator/user.
Referring still to Fig. 1B, the cloud services center 145b includes the data upload/download scheduler module 166, as described above with reference to Fig. 1A, and also includes a jobs module 180 and a data module 178. The jobs module 180 is illustrative of a software module or system operative for processing data upload and download jobs to/from the cloud services system 145b, and the data module 178 is illustrative of a system or module operative for extracting or loading data from/onto the cloud services system 145b. 
According to aspects of the present invention, when a data download is requested from the external generator/user 105, the data download is scheduled by the scheduler module 166. At the scheduled time for the requested download, a downloader module 115 operated at the proxy service 140 reads a configuration file for any information required for downloading the requested data, for example, whether the data is to be transformed in any manner prior to download and whether a particular download plug-in may be needed for downloading the data to a particular component of the external generator/user. As will be described in detail below with reference to Figs. 2A and 2B, because the requested data download will be passing between a secure site and a potentially unsecure site, the downloader module will be configured for downloading the data to the proxy service 140 which will validate the data downloader’s security credentials for downloading the data from the secure location to the potentially unsecure location at the requesting external data generator/user.
After the downloaded data is passed through the proxy service 140, the data may be passed to the external generator/user system 105 for storage, processing, or other use as required by the receiving party. As illustrated in Fig. 1B, the downloaded data may pass through a pumper module 194 that is responsible for distributing the data to various components of the receiving party’s systems including to a data store 196. A jobs module 190 and a jobs data module 192 are illustrative of systems, modules or components for managing the distribution of downloaded and uploaded data to and from various components of the external generator/user system 105. The uploader module 188 is illustrative of an uploader module operative for uploading data from the external generator/user system 105 through the proxy service 140 and back to the systems of the secure data management center/repository 107, as illustrated and described above with reference to Fig. 1A.
Referring now to Fig. 2A, operation of the data uploader 115 and data downloader 115 is illustrated and described. As briefly described above, the data uploader and data downloader are software applications or software modules containing sufficient computer executable instructions for reading, transforming (if required) and exporting data of a variety of data types from the external data generator/user on the unsecure side to the secure data management center/repository on the secure side. The data uploaders and downloaders are also operative to pass data from the secure side back to the unsecure side. As should be appreciated, the data uploader and downloader may be identical modules and are only designated as uploader versus downloader based on the direction of the data movement.
The data uploader or downloader (hereafter referred to as data loader) 115 includes an operation module 205 for receiving data upload instructions and for directing the processing of components of the data loader module 115. A configuration file reader 210 is a module with which the data loader 115 reads a configuration file 215 for data uploading instructions, as described below. A data reader module 225 is operative to read data of a variety of data types via a data reader plug-in module 227. A data transformation module 230 is a module operative for transforming data in response to data transformation information read from the configuration file 215 via a data transformation plug-in 232. A data export module 235 is operative to export data from memory to a designated destination storage repository 145a-c as designated by instructions received from the configuration file 215 via the data export plug-in 237.
That is, the data reader module 225, data transformation module 230 and data export module 235 are modules of the data loader module 115 operative to read, transform and export data of a variety of types as designated by information contained in the configuration file 215. And, each of the modules 225, 230, 235 may be enabled to read, transform and export data as instructed based on a variety of plug-ins 227, 232, 237 accessed by the data loader operation module 205 or installed on the data loader 115 to allow the loader 115 to read, transform and export data according to a variety of data types 220 that are designated for uploading to a given destination storage repository 145a-c.
Various data reader, data transformation and data export plug-in modules 227, 232, 237 may be provided to the data loaders 115 or may be accessed by the data loader modules 115 as required for different types of data reading, transformation and export. For example, a services provider which needs to receive transformed data from various computing devices operated at a data center 105 may provide data reader plug-ins, data transformation plug-ins, and data export plug-ins for use by data loader modules 115 for reading, transforming and exporting data according to their individual needs.
Data that may be read, transformed, and exported, as described herein, may be of an almost limitless number of different data types. Such data may be in the form of operating system events, text files, XML files, HTML files, contents of databases (e.g., SQL databases), electronic mail files, calendaring information, word processing documents, spreadsheet documents, slide presentation documents, tasks documents and files, and the like.
Before the data is passed to the destination storage repository, the data may require transformation for a variety of reasons. For example, if the data contains sensitive confidential and/or personal information associated with a given user, for example, the user’s name, social security number, driver’s license number, financial data, and the like, such personally identifiable information (PII) may be scrubbed from the data by the uploader module before the data is passed to the destination storage repository to prevent such personally identifiable information from being passed to an unauthorized person or entity. Similarly, if the data extracted from a given computer or computing system at the data center 105 is stored according to a first format, but the data will be stored at the desired destination storage repository according to a second format, the uploader module 115 may transform the data from the first format to the second format so that it may be properly stored and utilized at the destination storage repository.
For example, if a given destination storage repository is associated with a software application services provider, and the services provider would like to analyze a number of documents produced and stored at one or more computing devices at a data center 105, the services provider may require that any personally identifiable information be scrubbed from the data before it is passed to the storage repository for analysis and review because the services provider does not need nor want personally identifiable information about the document, but instead, the services provider may want to analyze other characteristics, attributes or properties of the document to ensure that the services provider’s software applications with which the document was produced are operating properly.
In addition, the document may be stored at the computing system 110 according to a first format, for example, a database format, but the destination storage repository may need the document according to a second format. Just as the data may be scrubbed of PII, the data may be transformed in a variety of other ways, such as from the first format to the second format, before it is passed to and stored at the desired destination storage repository. Thus, according to aspects of the present invention, data may be extracted, transformed as required and exported from one or many computing devices or computing systems via an uploader module before it is passed to and stored at one or many destination storage repositories.
As should be appreciated, a given data loader 115 may be installed on a given computing device 110 or may be otherwise associated with or provided access to a given computing device 110, and the data loader 115 may be enabled for reading data of many different types by associating a data reader plug-in 227 to allow the loader 115 to read data of a designated type. Similarly, the data loader 115 may be enabled to transform data as desired by associating the loader with a data transformation plug-in required for the desired transformation. Similarly, the data loader module 115 may be enabled to export data as desired by associating the loader with an appropriate data export plug-in 237.
The configuration file 215 is illustrative of a file that may be accessed by the data loader module 115 for receiving data uploading instructions for a given set or type of data. Data uploading instructions contained in the configuration file may provide information including the data types associated with data to be uploaded, data reading instructions, as well as security information for allowing the loader module to access desired data. In addition, the configuration file may provide instructions on how desired data is to be transformed, if required, and instructions on where uploaded data is to be stored and in what file type exported data is to be stored. As described below, the configuration file may also provide the data loader with a specified export plug-in for causing the data loader to pass data to a specified component such as the proxy service 140.
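The read/transform/export pipeline of Fig. 2A, as an added illustration that is not the patent's own code: a constructed configuration file 215 names the reader, transformation and export plug-ins, the transformation plug-in scrubs the configured PII fields (and redacts SSN-shaped strings elsewhere), and the export plug-in addresses the result to the proxy service 140 rather than to the repository directly. All names (run_loader, scrub_pii, the JSON keys) and the sample records are hypothetical.

```python
"""Hypothetical data loader 115: config-driven read -> transform -> export."""
import json
import re
from typing import Callable, Dict, List

Record = Dict[str, object]

# Constructed configuration file 215 (keys are assumptions, not the patent's format).
CONFIG_JSON = """{
  "data_type": "system_events",
  "reader_plugin": "json_lines",
  "transform_plugin": "scrub_pii",
  "pii_fields": ["user_name", "ssn", "email"],
  "export_plugin": "proxy",
  "destination_repository": "145a"
}"""

# Constructed sample input extracted from a computing system 110 (JSON lines).
SAMPLE_INPUT = """{"user_name": "alice", "ssn": "123-45-6789", "email": "alice@example.com", "event": "app_crash", "app": "wordproc", "notes": "no follow-up"}
{"user_name": "bob", "ssn": "987-65-4321", "email": "bob@example.com", "event": "app_start", "app": "sheets", "notes": "called about 111-22-3333"}"""

# --- data reader plug-ins 227 ---------------------------------------------
def read_json_lines(raw: str) -> List[Record]:
    """Parse one JSON object per non-blank line."""
    return [json.loads(line) for line in raw.splitlines() if line.strip()]

READERS: Dict[str, Callable[[str], List[Record]]] = {"json_lines": read_json_lines}

# --- data transformation plug-ins 232 -------------------------------------
_SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def scrub_pii(records: List[Record], pii_fields: List[str]) -> List[Record]:
    """Drop configured PII fields and redact SSN-shaped values in remaining strings."""
    out: List[Record] = []
    for rec in records:
        clean: Record = {}
        for key, value in rec.items():
            if key in pii_fields:
                continue  # the field never leaves the unsecure side
            if isinstance(value, str):
                value = _SSN_RE.sub("[REDACTED-SSN]", value)
            clean[key] = value
        out.append(clean)
    return out

TRANSFORMS = {"scrub_pii": scrub_pii}

# --- data export plug-ins 237 ---------------------------------------------
def export_via_proxy(records: List[Record], destination: str) -> Dict[str, object]:
    """Wrap the records in an upload envelope addressed to the proxy service 140.
    A real plug-in would transmit this; here it is returned for inspection."""
    return {"route": "proxy_service_140",
            "destination_repository": destination,
            "payload": records}

EXPORTERS = {"proxy": export_via_proxy}

def run_loader(config_text: str, raw_input: str) -> Dict[str, object]:
    """Operation module 205: read config 215, then read, transform and export."""
    cfg = json.loads(config_text)
    reader = READERS[cfg["reader_plugin"]]
    transform = TRANSFORMS[cfg["transform_plugin"]]
    exporter = EXPORTERS[cfg["export_plugin"]]
    pii_fields = cfg.get("pii_fields", [])
    records = transform(reader(raw_input), pii_fields)
    # Defence in depth: refuse to export if any configured PII field survived.
    leaked = sorted({k for r in records for k in r if k in pii_fields})
    if leaked:
        raise ValueError(f"PII fields survived transformation: {leaked}")
    return exporter(records, cfg["destination_repository"])

if __name__ == "__main__":
    print(json.dumps(run_loader(CONFIG_JSON, SAMPLE_INPUT), indent=2))
```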
Referring now to Fig. 2B, the proxy service 140 is a system or software module operative to authenticate requests for uploading data to a secure destination storage repository 145a-c and/or for authenticating data download/read requests from a secure destination storage repository 145a-c. Consider for example that data, whether user data or system data, is to be uploaded from a computing device/system 110 of the external data generator/user side 105 (unsecure side) via a loader module 115 to a secure storage repository 145a-c, or a request to download data or read data stored at a secure destination storage repository is received from a computing device/system 110 at the external data generator/user side 105 (unsecure side). Consider further for example that the computing device/system 110 from which the data upload is requested or from which the data download/read request is received is a computing device/system that operates external to the storage repository to which the request is passed. For example, the storage repository may be part of an internal corporate entity data storage system and the computing device from which the upload/download/read request is received may be operated by a third party entity operating outside a secure network or data center in which the storage repository is maintained. In such a case, it may be possible for harmful or other undesired data to be uploaded to the secure storage repository, or it may be possible for sensitive data and other information to be downloaded or read from the secure storage repository by unauthorized persons or entities.
According to aspects of the present invention, the proxy service 140 is a system component and/or software module operative for authenticating data upload or data download/read requests made to secure destination storage locations/repositories to prevent unauthorized uploading or access to secure data. Referring still to Fig. 2B, the proxy service 140 includes a data transmission module 250 which is a software module and/or system component operative to receive data transmissions from a loader module 115 for passing uploaded data from a computing device 110 onto which the loader module 115 is installed or with which the loader is associated to a destination storage repository 145a-c. The data transmission module 250 is also operative to pass downloaded data or data responsive to read requests from the destination storage repository to a requesting computing device 110 via the loader 115, 130. The authentication module 255 is a device or software module operative to authenticate the source of a data upload/download/read request to ensure that the source is trustworthy for either uploading data to a secure repository or for downloading or reading data from a secure repository.
The memory 260 is illustrative of a memory location housed either in the proxy service 140 or accessible by the proxy service 140 in which may be stored information required for authenticating upload/download/read requests. According to aspects of the invention, the Internet protocol (IP) address list 265 is illustrative of a list of IP addresses that may be used for comparing against an IP address associated with a data upload/download/read requester. The certificate list 270 is illustrative of a list of authentication certificates that may be used to compare with an authentication certificate associated with a data upload/download/read requester. A transmission approved list 275 is illustrative of a list of approved sources from which upload/download/read requests previously have been authenticated and approved.
Having described an architecture with which aspects of the present invention may be operated with reference to Figs. 1A through 2B above, Fig. 3 is a flow chart of an example method for uploading/downloading data between a secure data management center/repository and an external data generator/user. For purposes of description, consider the above described example of an upload and subsequent download of data from an external generator/user of data to a secure data management center/repository. As should be appreciated, the examples described herein are only a few examples of an almost infinite variety of data uploads and downloads from an individual computer user or a network of hundreds or thousands of computer users operating external to a secure data management center/repository to which data may be uploaded and from which data may be downloaded, as required.
Referring then to Fig. 3, the method 300 begins at start operation 305 and proceeds to operation 310 where a data upload from a potentially unsecure external generator/user of data is scheduled. As should be appreciated, the data upload may be scheduled by a scheduler module 166, 172 operated at the secure data management center/repository, or the data upload may be scheduled by a scheduler module operated at the external generator/user of data. At operation 315, a request to upload data from the external data generator/user is received in accordance with a scheduled data upload request or in accordance with an on-the-fly data upload request from the external data generator/user. 
At operation 320, a data loader module 115, as illustrated and described above with reference to Figs. 1B, 2A and 2B, is configured by reading the configuration file 215 for determining instructions and parameters for uploading the requested data. For example, as described above, uploading instructions/parameters for the data loader module may include information as to transformations that may be required, for example, encryption of PII in the uploaded data, as well as instructions as to particular data transform plug-in modules 232 and data export plug-in modules 237 that are to be used for uploading the data.
At operation 325, in accordance with data transformation instructions received by the data loader module, the data to be uploaded is transformed. According to one transformation example, any personally identifiable information is identified and is encrypted so that the PII will not be transmitted to the secure data management center/repository with the uploaded data. That is, while the data services provider operating at the secure data management center/repository may need to process the uploaded data according to a variety of processing operations, there may be no need for any personal information associated with the data at the secure data management center/repository. As should be appreciated, other transformations of the data may include changing the data from one file type to another file type or may include performance of actual operations on the data, for example, summing data in a spreadsheet or database file, hashing information contained in a given file, and the like.
At operation 330, the transformed data is uploaded by the loader module 115 to the proxy service 140 for validation of the loader module 115 as a valid data loader from which data may be received for uploading the data to the secure data management center/repository. As described above, the data uploaded from the data loader module operated at the external generator/user may be automatically passed to the proxy service 140 because the loader module utilizes an export plug-in module as instructed by the configuration file 215 that automatically passes the data to the proxy service as opposed to allowing the data to pass directly to the secure location.
At operation 335, the data loader module attempting to upload the data to the secure data management center/repository is validated according to credentials associated with the data loader module, as described above with reference to Fig. 2B. For example, an IP address associated with the data loader module may be compared against a list of IP addresses associated with previously designated authenticated sources. A secondary authentication step may also be performed, for example, comparing an authentication certificate provided by the data loader module with a list of authentication certificates associated with data loader modules previously authenticated as valid for uploading data to the secure location. In addition, any number of other authentication credentials, including encrypted keys, user name/password combinations, and the like may be utilized for validating the data loader module as valid for uploading the desired data. At operation 340, if the data loader module is not validated, the method proceeds back to operation 315 where the data upload may be requested again, and where administrative personnel may update the credentials provided with the data loader module.
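The validation of operations 335 and 340 using the Fig. 2B lists, as an added illustration that is not the patent's own code: the requester's address is checked against the IP address list 265, its certificate against the certificate list 270 (by SHA-256 fingerprint), and approved sources are recorded in the transmission approved list 275. The lists, addresses (documentation range 203.0.113.0/24) and certificate bytes are constructed, and all names (validate_loader, ProxyMemory, ...) are hypothetical.

```python
"""Hypothetical proxy service 140 validation against memory 260."""
import hashlib
import ipaddress
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple


@dataclass
class UploadRequest:
    """A data loader 115 presenting itself to the proxy service (constructed)."""
    loader_id: str
    source_ip: str
    cert_der: bytes  # DER bytes of the loader's authentication certificate


@dataclass
class ProxyMemory:
    """Memory 260: IP address list 265, certificate list 270, approved list 275."""
    ip_address_list: List[ipaddress.IPv4Network]
    certificate_list: Set[str]  # SHA-256 fingerprints, hex
    transmission_approved: Dict[str, Tuple[str, str]] = field(default_factory=dict)


def cert_fingerprint(cert_der: bytes) -> str:
    """Fingerprint used to compare a presented certificate with list 270."""
    return hashlib.sha256(cert_der).hexdigest()


def validate_loader(req: UploadRequest, mem: ProxyMemory) -> Tuple[bool, str]:
    """Operation 335: primary IP check, then secondary certificate check.
    Returns (approved, reason); False sends the method back to operation 315."""
    try:
        ip = ipaddress.ip_address(req.source_ip)
    except ValueError:
        return False, "malformed source address"
    # Primary check. A source address alone is weak evidence (NAT, spoofing),
    # so it only gates entry to the certificate check and never approves by itself.
    if not any(ip in net for net in mem.ip_address_list):
        return False, f"{req.source_ip} not in IP address list 265"
    # Secondary check against certificate list 270.
    fp = cert_fingerprint(req.cert_der)
    if fp not in mem.certificate_list:
        return False, "certificate not in certificate list 270"
    # A previously approved loader now presenting a different certificate is
    # worth an operator review before it is re-approved.
    prev = mem.transmission_approved.get(req.loader_id)
    if prev is not None and prev[1] != fp:
        return False, f"loader {req.loader_id} previously approved with another certificate"
    mem.transmission_approved[req.loader_id] = (req.source_ip, fp)
    return True, "approved"


def build_demo_memory() -> ProxyMemory:
    """Constructed lists: one documentation-range subnet, two known loader certs."""
    return ProxyMemory(
        ip_address_list=[ipaddress.ip_network("203.0.113.0/24")],
        certificate_list={
            cert_fingerprint(b"constructed DER bytes of loader cert A"),
            cert_fingerprint(b"constructed DER bytes of loader cert B"),
        },
    )


if __name__ == "__main__":
    mem = build_demo_memory()
    for req in (
        UploadRequest("loader-01", "203.0.113.10", b"constructed DER bytes of loader cert A"),
        UploadRequest("loader-02", "198.51.100.7", b"constructed DER bytes of loader cert A"),
        UploadRequest("loader-03", "203.0.113.11", b"unknown cert"),
    ):
        print(req.loader_id, validate_loader(req, mem))
```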
At operation 345, if the data loader module is authenticated as a valid data loader module, the proxy service 140 may determine locations at the secure data management center/repository for uploading the requested data. That is, as described above with reference to Fig. 1A, the proxy service 140 is operative to direct one or more portions of the uploaded data to specific storage locations at the primary secure data repository 145a from which the data may then be passed to other repositories, for example, the cloud services system 145b or the database system 145c, or other components/systems operating on the secure side 107. Information required by the proxy service 140 for directing the storage of data or components of the data at one or more locations at the secure data management center/repository may be provided from the loader module based on information read from the configuration file 215.
At operation 350, the data is stored at required locations, and at operation 355, the data is processed as required and any required reports are generated. For example, if the data uploaded from the external generator/user is user data, for example, documents generated by one or more users at the external generator/user, such documents may be passed to the cloud services system 145b for storage and management along with other documents uploaded by the external generator/user. Alternatively, if the data uploaded from the external generator/user includes systems data concerning the operation of computing systems at the external generator/user, such systems data may be passed to and stored at the database system 145c where it may be summarized with other systems data for generating a report that may be passed back to the external generator/user for management of its computing systems. As should be appreciated, these are but a couple of examples of the processes that may be performed on uploaded data.
At operation 360, any required data downloads from the secure data management center/repository may be scheduled by the scheduling modules 166 for downloading information back to the external generator/user. For example, data, such as systems reports, may be scheduled for periodic download to the external generator/user according to a previously configured frequency, for example, once every 24 hours. Alternatively, data may be downloaded from the secure data management center/repository on an on-the-fly basis, for example, where user documents are stored and processed by online software systems operated at the secure data management center/repository, and where such documents may be downloaded by individual users or administrative personnel at the external generator/user on an as needed basis.
At operation 365, in response to a scheduled download or a requested download, the downloader module 115 is configured for downloading the data from the secure data management center/repository to the requesting external generator/user in a similar manner as data is uploaded from the external generator/user to the secure data management center/repository. That is, the downloader module is configured to perform any required transformations and to pass authentication credentials to the proxy service 140 for validating itself for downloading the data out of the secure data management center/repository.
At operation 370, the downloaded data is transformed, as required. For example, if the downloaded data contains encrypted personally identifiable information (PII), a transformation plug-in module operated by the downloader module 115 may transform the data by decrypting the PII information so that when the data is received at the external generator/user, the previously encrypted PII information is decrypted for use by the requesting user. At operation 375, the requested data is downloaded to the external generator/user as described above with reference to Fig. 1B. The method 300 ends at operation 395.
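The proxy-side validation and routing of operations 335 through 350, together with the PII transformation plug-in of operations 330 and 370, as an added Python example (not code from the patent or from Microsoft). The allow-list, certificate fingerprint, PII field list, key and record are constructed, and the HMAC-based field cipher is a dependency-free stand-in for a real authenticated cipher.

```python
# Added example: proxy validation/routing (operations 335-350) and the PII
# transformation plug-in (operations 330 and 370). Not the patent's or Microsoft's
# code; every name, allow-list entry, key and record here is constructed.
import hashlib
import hmac
import ipaddress
import os
from dataclasses import dataclass

# Transformation plug-in: PII fields are encrypted before upload and decrypted
# after download. Hypothetical dependency-free stand-in (HMAC-SHA256 counter-mode
# keystream plus encrypt-then-MAC tag); a real plug-in would use AES-GCM or similar.
PII_FIELDS = {"name", "email", "phone"}   # constructed list of PII field names
NONCE_LEN, TAG_LEN = 12, 16

def _subkey(key: bytes, purpose: bytes) -> bytes:
    return hmac.new(key, purpose, hashlib.sha256).digest()   # separate enc/mac keys

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Returns nonce || ciphertext || tag, with a fresh nonce per sealed field."""
    nonce = os.urandom(NONCE_LEN)
    ks = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(a ^ b for a, b in zip(plaintext, ks))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verifies the tag before decrypting; rejects tampered or mis-keyed data."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("sealed PII field is truncated")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expect, tag):
        raise ValueError("sealed PII field failed its integrity check")
    ks = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(a ^ b for a, b in zip(ct, ks))

def encrypt_pii(record: dict, key: bytes) -> dict:
    """Upload-side transformation (operation 330): only PII fields change."""
    out = dict(record)
    for name in record:
        if name in PII_FIELDS:
            out[name] = seal(key, str(record[name]).encode()).hex()
    return out

def decrypt_pii(record: dict, key: bytes) -> dict:
    """Download-side transformation (operation 370): restores the PII fields."""
    out = dict(record)
    for name in record:
        if name in PII_FIELDS:
            out[name] = unseal(key, bytes.fromhex(record[name])).decode()
    return out

# Constructed routing table standing in for what the loader reads from its
# configuration file 215: data kind -> storage location on the secure side.
ROUTES = {"user_documents": "cloud_services_145b", "systems_data": "database_145c"}

@dataclass(frozen=True)
class LoaderCredentials:
    source_ip: str
    cert_fingerprint: str   # hex SHA-256 of the loader certificate (constructed)

@dataclass
class ProxyService:
    allowed_networks: list   # CIDR strings of previously designated sources
    known_fingerprints: set  # certificates of loaders previously authenticated

    def validate(self, creds: LoaderCredentials) -> tuple:
        """Operation 335: IP allow-list first, then the certificate check."""
        ip = ipaddress.ip_address(creds.source_ip)
        if not any(ip in ipaddress.ip_network(n) for n in self.allowed_networks):
            return False, f"{creds.source_ip} is not a designated source"
        if not any(hmac.compare_digest(creds.cert_fingerprint, fp)
                   for fp in self.known_fingerprints):
            return False, "certificate not previously authenticated"
        return True, "validated"

    def handle_upload(self, creds: LoaderCredentials, kind: str, record: dict) -> dict:
        """Operations 340-350: reject (loader must request again) or store."""
        ok, reason = self.validate(creds)
        if not ok:
            return {"stored": False, "reason": reason}
        return {"stored": True, "location": ROUTES.get(kind, "primary_repository_145a"),
                "record": record}

if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()
    fp = hashlib.sha256(b"constructed loader certificate").hexdigest()
    proxy = ProxyService(["203.0.113.0/24"], {fp})
    record = {"id": 7, "name": "Alice Example", "email": "alice@example.test"}
    result = proxy.handle_upload(LoaderCredentials("203.0.113.10", fp),
                                 "systems_data", encrypt_pii(record, key))
    print(result["location"], decrypt_pii(result["record"], key) == record)
```

A loader that fails either check gets a reason string back rather than a storage location, matching the return to operation 315; non-PII fields pass through the transformation untouched.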
While the invention has been described in the general context of program modules that execute in conjunction with an application program that runs on an operating system on a computer, those skilled in the art will recognize that the invention may also be implemented in combination with other program modules. Generally, program modules include routines, programs, components, data structures, and other types of structures that perform particular tasks or implement particular abstract data types.
The embodiments and functionalities described herein may operate via a multitude of computing systems including, without limitation, desktop computer systems, wired and wireless computing systems, mobile computing systems (e.g., mobile telephones, netbooks, tablet or slate type computers, notebook computers, and laptop computers), hand-held devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, minicomputers, and mainframe computers.
In addition, the embodiments and functionalities described herein may operate over distributed systems (e.g., cloud-based computing systems), where application functionality, memory, data storage and retrieval and various processing functions may be operated remotely from each other over a distributed computing network, such as the Internet or an intranet. User interfaces and information of various types may be displayed via on-board computing device displays or via remote display units associated with one or more computing devices. For example, user interfaces and information of various types may be displayed and interacted with on a wall surface onto which user interfaces and information of various types are projected. Interaction with the multitude of computing systems with which embodiments of the invention may be practiced includes keystroke entry, touch screen entry, voice or other audio entry, gesture entry where an associated computing device is equipped with detection (e.g., camera) functionality for capturing and interpreting user gestures for controlling the functionality of the computing device, and the like.
Figures 4-6 and the associated descriptions provide a discussion of a variety of operating environments in which embodiments of the invention may be practiced. However, the devices and systems illustrated and discussed with respect to Figures 4-6 are for purposes of example and illustration and are not limiting of a vast number of computing device configurations that may be utilized for practicing embodiments of the invention, described herein.
Figure 4 is a block diagram illustrating physical components (i.e., hardware) of a computing device 400 with which embodiments of the invention may be practiced. The computing device components described below may be suitable for the computing devices 110, 115, 145, described above. In a basic configuration, the computing device 400 may include at least one processing unit 402 and a system memory 404. Depending on the configuration and type of computing device, the system memory 404 may comprise, but is not limited to, volatile storage (e.g., random access memory), non-volatile storage (e.g., read-only memory), flash memory, or any combination of such memories. The system memory 404 may include an operating system 405 and one or more program modules 406 suitable for running software applications 450. The operating system 405, for example, may be suitable for controlling the operation of the computing device 400. Furthermore, embodiments of the invention may be practiced in conjunction with a graphics library, other operating systems, or any other application program and are not limited to any particular application or system. This basic configuration is illustrated in Figure 4 by those components within a dashed line 408. The computing device 400 may have additional features or functionality. For example, the computing device 400 may also include additional data storage devices (removable and/or non-removable) such as, for example, magnetic disks, optical disks, or tape. Such additional storage is illustrated in Figure 4 by a removable storage device 409 and a non-removable storage device 410.
As stated above, a number of program modules and data files may be stored in the system memory 404. While executing on the processing unit 402, the program modules 406 may perform processes including, but not limited to, one or more of the stages of the method 300 illustrated in Figure 3. Other program modules that may be used in accordance with embodiments of the present invention may include applications such as electronic mail and contacts applications, word processing applications, spreadsheet applications, database applications, slide presentation applications, drawing or computer-aided application programs, etc.
Furthermore, embodiments of the invention may be practiced in an electrical circuit comprising discrete electronic elements, packaged or integrated electronic chips containing logic gates, a circuit utilizing a microprocessor, or on a single chip containing electronic elements or microprocessors. For example, embodiments of the invention may be practiced via a system-on-a-chip (SOC) where each or many of the components illustrated in Figure 4 may be integrated onto a single integrated circuit. Such an SOC device may include one or more processing units, graphics units, communications units, system virtualization units and various application functionality all of which are integrated (or “burned”) onto the chip substrate as a single integrated circuit. When operating via an SOC, the functionality, described herein, with respect to providing an activity stream across multiple workloads may be operated via application-specific logic integrated with other components of the computing device 400 on the single integrated circuit (chip). Embodiments of the invention may also be practiced using other technologies capable of performing logical operations such as, for example, AND, OR, and NOT, including but not limited to mechanical, optical, fluidic, and quantum technologies. In addition, embodiments of the invention may be practiced within a general purpose computer or in any other circuits or systems.
The computing device 400 may also have one or more input device(s) 412 such as a keyboard, a mouse, a pen, a sound input device, a touch input device, etc. The output device(s) 414 such as a display, speakers, a printer, etc. may also be included. The aforementioned devices are examples and others may be used. The computing device 400 may include one or more communication connections 416 allowing communications with other computing devices 418. Examples of suitable communication connections 416 include, but are not limited to, RF transmitter, receiver, and/or transceiver circuitry; universal serial bus (USB), parallel, and/or serial ports.
The term computer readable media as used herein may include computer storage media. Computer storage media may include volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information, such as computer readable instructions, data structures, or program modules. The system memory 404, the removable storage device 409, and the non-removable storage device 410 are all computer storage media examples (i.e., memory storage). Computer storage media may include RAM, ROM, electrically erasable read-only memory (EEPROM), flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other article of manufacture which can be used to store information and which can be accessed by the computing device 400. Any such computer storage media may be part of the computing device 400. Computer storage media does not include a carrier wave or other propagated or modulated data signal.
Communication media may be embodied by computer readable instructions, data structures, program modules, or other data in a modulated data signal, such as a carrier wave or other transport mechanism, and includes any information delivery media. The term “modulated data signal” may describe a signal that has one or more characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media may include wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, radio frequency (RF), infrared, and other wireless media.
Figures 5A and 5B illustrate a mobile computing device 500, for example, a mobile telephone, a smart phone, a tablet personal computer, a laptop computer, and the like, with which embodiments of the invention may be practiced. With reference to Figure 5A, one embodiment of a mobile computing device 500 for implementing the embodiments is illustrated. In a basic configuration, the mobile computing device 500 is a handheld computer having both input elements and output elements. The mobile computing device 500 typically includes a display 505 and one or more input buttons 510 that allow the user to enter information into the mobile computing device 500. The display 505 of the mobile computing device 500 may also function as an input device (e.g., a touch screen display). If included, an optional side input element 515 allows further user input. The side input element 515 may be a rotary switch, a button, or any other type of manual input element. In alternative embodiments, mobile computing device 500 may incorporate more or fewer input elements. For example, the display 505 may not be a touch screen in some embodiments. In yet another alternative embodiment, the mobile computing device 500 is a portable phone system, such as a cellular phone. The mobile computing device 500 may also include an optional keypad 535. Optional keypad 535 may be a physical keypad or a “soft” keypad generated on the touch screen display. In various embodiments, the output elements include the display 505 for showing a graphical user interface (GUI), a visual indicator 520 (e.g., a light emitting diode), and/or an audio transducer 525 (e.g., a speaker). In some embodiments, the mobile computing device 500 incorporates a vibration transducer for providing the user with tactile feedback.
In yet another embodiment, the mobile computing device 500 incorporates input and/or output ports, such as an audio input (e.g., a microphone jack), an audio output (e.g., a headphone jack), and a video output (e.g., a HDMI port) for sending signals to or receiving signals from an external device.
Figure 5B is a block diagram illustrating the architecture of one embodiment of a mobile computing device. That is, the mobile computing device 500 can incorporate a system (i.e., an architecture) 502 to implement some embodiments. In one embodiment, the system 502 is implemented as a “smart phone” capable of running one or more applications (e.g., browser, e-mail, calendaring, contact managers, messaging clients, games, and media clients/players). In some embodiments, the system 502 is integrated as a computing device, such as an integrated personal digital assistant (PDA) and wireless phone.
One or more application programs 550 may be loaded into the memory 562 and run on or in association with the operating system 564. Examples of the application programs include phone dialer programs, electronic communication applications, personal information management (PIM) programs, word processing programs, spreadsheet programs, Internet browser programs, messaging programs, and so forth. The system 502 also includes a non-volatile storage area 568 within the memory 562. The non-volatile storage area 568 may be used to store persistent information that should not be lost if the system 502 is powered down. The application programs 550 may use and store information in the non-volatile storage area 568, such as e-mail or other messages used by an e-mail application, and the like. A synchronization application (not shown) also resides on the system 502 and is programmed to interact with a corresponding synchronization application resident on a host computer to keep the information stored in the non-volatile storage area 568 synchronized with corresponding information stored at the host computer. As should be appreciated, other applications may be loaded into the memory 562 and run on the mobile computing device 500.
The system 502 has a power supply 570, which may be implemented as one or more batteries. The power supply 570 might further include an external power source, such as an AC adapter or a powered docking cradle that supplements or recharges the batteries.
The system 502 may also include a radio 572 that performs the function of transmitting and receiving radio frequency communications. The radio 572 facilitates wireless connectivity between the system 502 and the “outside world,” via a communications carrier or service provider. Transmissions to and from the radio 572 are conducted under control of the operating system 564. In other words, communications received by the radio 572 may be disseminated to the application programs 550 via the operating system 564, and vice versa.
The visual indicator 520 may be used to provide visual notifications and/or an audio interface 574 may be used for producing audible notifications via the audio transducer 525. In the illustrated embodiment, the visual indicator 520 is a light emitting diode (LED) and the audio transducer 525 is a speaker. These devices may be directly coupled to the power supply 570 so that when activated, they remain on for a duration dictated by the notification mechanism even though the processor 560 and other components might shut down for conserving battery power. The LED may be programmed to remain on indefinitely until the user takes action to indicate the powered-on status of the device. The audio interface 574 is used to provide audible signals to and receive audible signals from the user. For example, in addition to being coupled to the audio transducer 525, the audio interface 574 may also be coupled to a microphone to receive audible input, such as to facilitate a telephone conversation. In accordance with embodiments of the present invention, the microphone may also serve as an audio sensor to facilitate control of notifications, as will be described below. The system 502 may further include a video interface 576 that enables an operation of an on-board camera 530 to record still images, video stream, and the like.
The mobile computing device 500 implementing the system 502 may have additional features or functionality. For example, the mobile computing device 500 may also include additional data storage devices (removable and/or non-removable) such as, magnetic disks, optical disks, or tape. Such additional storage is illustrated in Figure 5B by the non-volatile storage area 568.
Data/information generated or captured by the mobile computing device 500 and stored via the system 502 may be stored locally on the mobile computing device 500, as described above, or the data may be stored on any number of storage media that may be accessed by the device via the radio 572 or via a wired connection between the mobile computing device 500 and a separate computing device associated with the mobile computing device 500, for example, a server computer in a distributed computing network, such as the Internet. As should be appreciated, such data/information may be accessed via the mobile computing device 500 via the radio 572 or via a distributed computing network. Similarly, such data/information may be readily transferred between computing devices for storage and use according to well-known data/information transfer and storage means, including electronic mail and collaborative data/information sharing systems.
Figure 6 illustrates one embodiment of the architecture of a system for providing the functionality described herein across components of a distributed computing environment. Content developed, interacted with, or edited in association with the applications described above may be stored in different communication channels or other storage types. For example, various documents may be stored using a directory service 622, a web portal 624, a mailbox service 626, an instant messaging store 628, or a social networking site 630. The application 620 (e.g., an electronic communication application) may use any of these types of systems or the like for providing the functionalities described herein across multiple workloads, as described herein. A server 615 may provide the functionality to clients 605A-C and 110. As one example, the server 615 may be a web server providing the application functionality described herein over the web. The server 615 may provide the application functionality over the web to clients 605A-C and 110 through a network 125, 610. By way of example, the computing device 110 may be implemented and embodied in a personal computer 605A, a tablet computing device 605B and/or a mobile computing device 605C (e.g., a smart phone), or other computing device. Any of these embodiments of the client computing device may obtain content from the store 616.
Embodiments of the present invention, for example, are described above with reference to block diagrams and/or operational illustrations of methods, systems, and computer program products according to embodiments of the invention. The functions/acts noted in the blocks may occur out of the order as shown in any flowchart. For example, two blocks shown in succession may in fact be executed substantially concurrently or the blocks may sometimes be executed in the reverse order, depending upon the functionality/acts involved.
The description and illustration of one or more embodiments provided in this application are not intended to limit or restrict the scope of the invention as claimed in any way. The embodiments, examples, and details provided in this application are considered sufficient to convey possession and enable others to make and use the best mode of the claimed invention. The claimed invention should not be construed as being limited to any embodiment, example, or detail provided in this application. Regardless of whether shown and described in combination or separately, the various features (both structural and methodological) are intended to be selectively included or omitted to produce an embodiment with a particular set of features. Having been provided with the description and illustration of the present application, one skilled in the art may envision variations, modifications, and alternate embodiments falling within the spirit of the broader aspects of the general inventive concept embodied in this application that do not depart from the broader scope of the claimed invention.

Claims (20)

  1. A computer-implemented method for uploading and/or downloading data between a secure data management center/repository and an external data generator/user, comprising:
    receiving a request for uploading data from the external data generator/user to the secure data management center/repository;
    configuring a data uploader module at the external generator/user for uploading the requested data;
    transforming the requested data from a first state to a second state required by the secure data management center/repository;
    uploading the requested and transformed data to a proxy service for validating the data uploader module for uploading data to the secure data management center/repository; and
    storing the uploaded data at one or more required storage locations at the secure data management center/repository.
  2. The computer-implemented method of Claim 1, prior to receiving a request for uploading data from the external data generator/user to the secure data management center/repository, scheduling an upload of the requested data to the secure data management center/repository.
  3. The computer-implemented method of Claim 1, wherein transforming the requested data from a first state to a second state required by the secure data management center/repository includes encrypting personally identifiable information (PII) contained in the requested data.
  4. The computer-implemented method of Claim 1, wherein uploading the requested and transformed data to a proxy service for validating the data uploader module includes uploading the data to the proxy service via an export plug-in module operated by the data uploader module that causes a data upload from the uploader module to pass through the proxy service for authentication.
  5. The computer-implemented method of Claim 1, prior to storing the uploaded data at one or more required storage locations at the secure data management center/repository, determining at the proxy service one or more locations at the secure data management center/repository at which the uploaded data is to be stored.
  6. The computer-implemented method of Claim 1, further comprising processing the data stored at one or more locations at the secure data management center/repository and generating any required reports on the processed data.
  7. The computer-implemented method of Claim 1, further comprising receiving a request for downloading data from the secure data management center/repository to the external data generator/user.
  8. The computer-implemented method of Claim 7, prior to receiving a request for downloading data, scheduling a data download for downloading the requested data from the secure data management center/repository to the external data generator/user.
  9. The computer-implemented method of Claim 7, further comprising configuring a data downloader module for downloading the requested download data from the secure data management center/repository to the external data generator/user via the proxy service.
  10. The computer-implemented method of Claim 9, further comprising downloading the requested download data to the external data generator/user.
  11. The computer-implemented method of Claim 10, prior to downloading the requested download data to the external data generator/user, transforming the requested download data from a first state as stored at the secure data management center/repository to a second state required by the external generator/user.
  12. The computer-implemented method of Claim 11, wherein transforming the requested download data from a first state as stored at the secure data management center/repository to a second state required by the external generator/user includes decrypting any encrypted PII contained in the download data.
  13. A system for passing data between an unsecure computing system and a secure computing system, the system comprising:
    one or more processors;
    memory storing one or more modules that are executable by the one or more processors, the one or more modules comprising:
    a data uploader module operative to
    receive a request for uploading data from the unsecure computing system to the secure computing system;
    read a configuration file for obtaining instructions for uploading the data from the unsecure computing system to the secure computing system;
    transform the requested data from a first state to a second state required by the secure computing system;
    upload the transformed data to a proxy service for validating the data uploader module for uploading data to the secure computing system; and
    a proxy service operative to store the uploaded data at one or more required storage locations at the secure computing system.
  14. The system of Claim 13, the data uploader module being further operative to upload the transformed data to a proxy service for validating the data uploader module for uploading data to the secure computing system via an export plug-in module through which data is automatically passed to the proxy service.
  15. The system of Claim 13, further comprising a scheduler module operative to
    schedule data uploads from the unsecure computing system to the secure computing system; and
    schedule data downloads from the secure computing system to the unsecure computing system.
  16. The system of Claim 13, the proxy service being further operative to validate the data uploader module by comparing credentials received for the data uploader module with credentials associated with a previously authenticated data uploader module.
  17. A computer readable medium having computer executable instructions which when executed by a computer perform a method for uploading and/or downloading data between a secure data center and an external data center, comprising:
    receiving a request for uploading data from the external data center to the secure data center;
    configuring a data uploader module at the external data center for uploading the requested data;
    transforming the requested data from a first state to a second state required by the secure data center;
    uploading the transformed data to a proxy service for validating the data uploader module for uploading data to the secure data center;
    processing the uploaded data at one or more required storage locations at the secure data center;
    receiving a request for downloading the processed uploaded data from the secure data center to the external data center; and
    downloading the processed uploaded data to the external data center via the proxy service.
  18. The computer readable medium of Claim 17, prior to processing the uploaded data at one or more required storage locations at the secure data center, determining at the proxy service one or more locations at the secure data center at which the uploaded data is to be processed.
  19. The computer readable medium of Claim 17, wherein transforming the requested data from a first state to a second state required by the secure data center includes encrypting personally identifiable information (PII) contained in the requested data.
  20. The computer readable medium of Claim 19, prior to downloading the processed uploaded data to the external data center via the proxy service, transforming the processed uploaded data from a first state as stored at the secure data center to a second state required by the external data center.
PCT/CN2015/073486 2015-03-02 2015-03-02 Uploading and downloading data between secure data systems and external data systems WO2016138613A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2015/073486 WO2016138613A1 (en) 2015-03-02 2015-03-02 Uploading and downloading data between secure data systems and external data systems
CN201580056592.1A CN107210992B (en) 2015-03-02 2015-03-02 Uploading and downloading data between a secure data system and an external data system


Publications (1)

Publication Number Publication Date
WO2016138613A1 true WO2016138613A1 (en) 2016-09-09

Family

ID=56849167

Country Status (2)

Country Link
CN (1) CN107210992B (en)
WO (1) WO2016138613A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11625359B2 (en) * 2017-10-31 2023-04-11 Mastercard International Incorporated Validation devices, servers, validation methods, and file modification methods

Also Published As

Publication number Publication date
CN107210992A (en) 2017-09-26
CN107210992B (en) 2020-03-31

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 15883670; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 15883670; Country of ref document: EP; Kind code of ref document: A1)