WO2016209134A1 - Data processing based on location preference - Google Patents

Data processing based on location preference

Info

Publication number: WO2016209134A1
Authority: WO, WIPO (PCT)
Prior art keywords: data, computing device, location, location policy, determining
Application number: PCT/SE2015/050750
Other languages: French (fr)
Inventors: Kazi Wali ULLAH, Jussi Numminen, Abu Shohel AHMED
Original Assignee: Telefonaktiebolaget Lm Ericsson (Publ)
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities' privileges depend on current location or allowing specific operations only from locally connected terminals
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/101 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities
    • G06F21/1013 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM] by binding digital rights to specific entities to locations
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209 Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS

Definitions

  • VMs: Virtual Machines
  • Data governance generally means managing the data according to a policy throughout the enterprise. It is a broad topic that can include many aspects of governing data in the cloud, such as managing, assessing, using, storing, monitoring, policy checking, compliance, etc. Many of the data governance policies are associated with geolocation related data governing issues. There has been a lot of research into geolocation related data
  • CSP: Cloud Services Provider
  • a method of operation of a computing device for providing data processing based on location includes receiving data to be processed; determining if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, processing the received data on the computing device. In some embodiments, this may reduce dependence on a Cloud Services Provider (CSP).
  • the location policy associated with the received data is included as metadata with the received data.
  • determining if the location policy associated with the received data is satisfied includes determining a geolocation of the computing device and determining if the geolocation of the computing device satisfies the location policy associated with the received data.
  • determining if the geolocation of the computing device satisfies the location policy associated with the received data includes determining that the geolocation of the computing device is included in a set of approved locations in the location policy and/or not included in a set of forbidden locations in the location policy.
  • determining the geolocation of the computing device includes determining the geolocation of the computing device by querying a Virtual Trusted Platform Module (vTPM).
  • vTPM: Virtual Trusted Platform Module
  • the method also includes, in response to determining that the location policy is not satisfied, determining another computing device that will satisfy the location policy, and in response to determining the other computing device that will satisfy the location policy, sending the data to be processed to the other computing device that will satisfy the location policy.
  • determining the other computing device that will satisfy the location policy includes querying a centralized master
  • determining the other computing device that will satisfy the location policy includes querying a local database stored on the computing device for the other computing device that will satisfy the location policy.
  • the local database stored on the computing device is updated by receiving gossip protocol messages from one or more other computing devices.
  • the method also includes, in response to determining that no other computing device will satisfy the location policy, causing a new computing device to become available that will satisfy the location policy.
  • causing the new computing device to become available comprises causing a Virtual Machine (VM) to be started that will satisfy the location policy.
  • VM: Virtual Machine
  • the received data is encrypted.
  • the computing device is a VM running on a host computing device.
  • a method of operation of a data creation device for enabling data to be processed based on location includes creating data to be processed; associating a location policy with the created data; encrypting data to be processed; and sending the created data to a computing device.
  • the location policy associated with the created data is included as metadata with the created data. In some embodiments, the location policy associated with the created data includes one or more of the group consisting of a set of approved locations and/or a set of forbidden locations.
  • a computing device for providing data processing based on location is adapted to receive data to be processed
  • the computing device is adapted to perform any methods disclosed herein.
  • a computer program includes instructions which, when executed on at least one processor, cause the at least one processor to carry out any methods disclosed herein.
  • the computer program is contained in a carrier where the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
  • a computing device for providing data processing based on location includes a data receiving module operative to receive data to be processed; a location determining module operative to determine if the location policy associated with the received data is satisfied; and a data processing module operative to in response to determining that the location policy is satisfied, process the received data on the computing device.
  • a computing device for providing data processing based on location includes a processor and memory containing instructions executable by the processor whereby the computing device is operative to receive data to be processed; determine if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, process the received data on the computing device.
  • a data creation device for enabling data to be processed based on location is adapted to create data to be processed
  • a data creation device for enabling data to be processed based on location includes a data creation module operative to create data to be processed; a location policy module operative to associate a location policy with the created data; a data encryption module operative to encrypt the created data; and a data transmitting module operative to send the created data to a computing device.
  • a data creation device for enabling data to be processed based on location includes a processor and memory containing instructions executable by the processor whereby the data creation device is operative to create data to be processed; associate a location policy with the created data; encrypt the created data; and send the created data to a computing device.
  • Figure 1 illustrates a network of running application instances in different locations according to some embodiments of the present disclosure
  • Figure 2 is a flow chart illustrating a process for enabling data to be processed based on location according to some embodiments of the present disclosure
  • Figure 3 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure
  • Figure 4 is a flow chart illustrating a process for determining if a location policy is satisfied according to some embodiments of the present disclosure
  • Figure 5 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure
  • FIG. 6 is a diagram of a Trusted Platform Module (TPM) according to some embodiments of the present disclosure
  • Figures 7A and 7B illustrate possible interactions between a computing device and a TPM according to some embodiments of the present disclosure
  • Figure 8 is a diagram of a computing device according to some embodiments of the present disclosure.
  • Figure 9 is a diagram of a data creation device according to some embodiments of the present disclosure.
  • Figure 10 is a diagram of a computing device including modules according to some embodiments of the present disclosure.
  • Figure 11 is a diagram of a data creation device including modules according to some embodiments of the present disclosure.
  • data created by a data creation device is not processed where it is created but at another location by some other computing device.
  • This division may be caused by the type of processing required (e.g., calculating average temperatures across a geographic area), because of limitations in the hardware of the data creation device (e.g., sensors), or for any other reasons.
  • the computing device that will be processing the data may not be physically proximate to the data creation device and may even be distantly located.
  • Many geolocation related regulations state that the data should not leave a specific geographical boundary, such as a particular country or continent.
  • FIG. 1 illustrates a network of running application instances in different locations according to some embodiments of the present disclosure.
  • each application instance is running on one or more computing devices 10-1 through 10-N (referred to herein as computing device 10 and computing devices 10).
  • one or more data creation devices 12-1 through 12-N (referred to herein as data creation device 12 and data creation devices 12) are connected to various computing devices 10.
  • data creation device 12-1 is shown as connected to computing device 10-N
  • data creation device 12-2 is shown as connected to computing device 10-6.
  • the different computing devices 10 are interchangeable and are each capable of processing the created data.
  • these computing devices 10 may be operating as Virtual Machines (VMs) running on a host computing device.
  • Figure 1 indicates that the computing devices 10 each have a location. Some or all of the computing devices 10 may be located in the same place. In other embodiments, some of these computing devices 10 may be physically separated from one or more of the other computing devices 10. Accessing computing devices remotely in this way is sometimes referred to as operating in the cloud or as cloud computing. Many geolocation related regulations state that the data should not leave a specific geographical boundary, such as a particular country or continent.
  • Figure 2 is a flow chart illustrating a process for enabling data to be processed based on location according to some embodiments of the present disclosure.
  • a data creation device 12 creates data to be processed (step 100).
  • the data creation device 12 associates a location policy with the created data (step 102).
  • the location policy may include a set of approved locations where the created data may be processed and/or the location policy may include a set of forbidden locations where the created data may not be processed. This location policy may be included in metadata associated with the created data.
  • the data creation device 12 then encrypts the created data (step 104).
  • the created data is encrypted to satisfy one or more data governance policies. For instance, some policies consider that encrypted data may be in a location that would otherwise be forbidden for the unencrypted data to be. Any encryption mechanism may be used, and the implementation specifics may be chosen by the manufacturer of the data creation device 12 or by an application on the data creation device 12. In some embodiments, techniques other than encryption may be used to protect the data.
  • the data creation device 12 then sends the created data to a computing device 10 (step 106). Since there is encryption in use, a key handling mechanism is required. Many different approaches to manage the keys exist, and the approach chosen may depend on the use of the system and/or other factors.
  • the keys for the data creation devices 12 are burnt into the devices during the manufacturing or provisioning phase. With this, the data creation device 12 can encrypt and/or sign the data before sending it to a computing device 10, preferably the nearest one. The computing device 10 may then hold the decryption key itself, or it may communicate with a trusted Key Distribution Center (KDC) to receive the key if it decides to decrypt the data. In the case where a KDC is used, there is a trust relationship between the computing device 10 and the KDC.
  • KDC: Key Distribution Center
  • the metadata or location policy may be in plaintext or some other format accessible without decrypting the data. There should be some message integrity protection mechanism in place to protect the integrity of the location policy. Otherwise, an attacker may edit the location policy in the metadata and get it decrypted and/or processed in a place where it should not be decrypted.
  • FIG. 3 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure.
  • a computing device 10 receives data to be processed (step 200). In some embodiments, this received data may have been sent by a data creation device 12 in a manner such as described above in relation to Figure 2 and especially step 106.
  • the computing device 10 determines if a location policy associated with the received data is satisfied (step 202). One method of accomplishing this determination will be discussed in relation to Figure 4 below. If the location policy associated with the received data is satisfied, the computing device 10 proceeds to process the received data on the computing device 10 (step 204). The type of processing performed on the received data is application dependent. In this embodiment, the computing device 10 only processes the data if the location policy is satisfied.
  • the received data may be encrypted, such as during step 104 discussed in relation to Figure 2. If the received data is encrypted, the computing device 10 may wait to decrypt the received data until after it is determined that the location policy is satisfied. In this case, the received data is considered to not even be present on the computing device 10 while it is still encrypted. Since it is determined that the location policy is satisfied before the received data is unencrypted, the received data is never processed by a computing device 10 that does not conform to the requirements of the location policy associated with the received data.
  • the computing device 10 determines another computing device 10 that will satisfy the location policy (step 206). Determining the other computing device 10 may be accomplished by querying a centralized master application or database.
  • This centralized master application or database may contain a list of each available computing device 10 and the current geolocation of each, according to some embodiments.
  • the other computing device 10 may also be found via a gossip protocol where a local database stored on the computing device 10 is updated by receiving gossip protocol messages from one or more other computing devices 10.
  • a gossip protocol is any messaging protocol that passes information among the nodes, such as the computing devices 10, where many nodes may have incomplete information at a specific time, but after receiving a communication from another node, the nodes have information that is at least as complete as before. Failure to receive the messages is tolerated, and information is often transmitted to a node from several other nodes.
  • the computing device 10 sends the data to be processed to the other computing device 10 (step 208). Since the other computing device 10 satisfies the location policy, the other computing device 10 will be permitted to process the data.
  • the computing device 10 or some other appropriate node may cause a new computing device 10 to become available that will satisfy the location policy.
  • causing the new computing device 10 to become available may include causing a VM to be started that will satisfy the location policy.
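The Figure 2 to Figure 4 procedure end to end, as an added example that is not the patent's own code. It assumes one shared secret per data creation device standing in for the burnt-in key or KDC exchange, a plain country code handed in by the caller standing in for the TPM/vTPM geolocation query, and an HMAC-SHA256 counter-mode keystream standing in for whichever cipher the manufacturer picks; the policy travels as plaintext metadata but is bound to the ciphertext by one integrity tag, so a re-labelled policy is rejected before any decryption.

```python
import hashlib
import hmac
import json
import struct


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF-in-counter-mode keystream (HMAC-SHA256), a stand-in cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        block = nonce + struct.pack(">I", counter)
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _xor(data: bytes, keystream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, keystream))


def create_message(key, nonce, plaintext, approved=(), forbidden=()):
    """Data creation device, Figure 2 steps 100-106: attach the location
    policy as plaintext metadata, encrypt the payload, then bind metadata,
    nonce and ciphertext together with one tag (encrypt-then-MAC). The tag
    is what stops the metadata being edited to a laxer policy in transit."""
    policy = {"approved": sorted(approved), "forbidden": sorted(forbidden)}
    metadata = json.dumps(policy, sort_keys=True).encode()
    ciphertext = _xor(plaintext, _keystream(key, nonce, len(plaintext)))
    tag = hmac.new(key, metadata + nonce + ciphertext, hashlib.sha256).digest()
    return {"metadata": metadata, "nonce": nonce,
            "ciphertext": ciphertext, "tag": tag}


def policy_satisfied(policy, geolocation):
    """Figure 4 step 302. Assumption: an empty approved set means 'anywhere
    not forbidden'; a non-empty approved set is an allow-list."""
    if geolocation in policy["forbidden"]:
        return False
    return not policy["approved"] or geolocation in policy["approved"]


def process(plaintext):
    """Application-specific processing; here the page's own example of
    averaging temperature readings over a constructed JSON payload."""
    temps = json.loads(plaintext)["temps"]
    return sum(temps) / len(temps)


def gossip_merge(local, incoming):
    """Update the local instance registry from one gossip message (Figure 3,
    step 206 variant). Entries are name -> (location, version); the higher
    version wins, so stale or repeated messages are harmless."""
    for name, (location, version) in incoming.items():
        if name not in local or local[name][1] < version:
            local[name] = (location, version)
    return local


def find_other_device(registry, policy):
    """Pick a known instance whose attested location satisfies the policy."""
    for name in sorted(registry):
        if policy_satisfied(policy, registry[name][0]):
            return name
    return None


def handle_received(msg, key, my_location, registry):
    """Computing device, Figure 3 steps 200-208. Decryption happens only
    after both the integrity check and the policy check pass."""
    metadata, nonce, ciphertext = msg["metadata"], msg["nonce"], msg["ciphertext"]
    expected = hmac.new(key, metadata + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        return ("reject", "metadata or ciphertext tampered")
    policy = json.loads(metadata)
    if policy_satisfied(policy, my_location):                      # step 202
        plaintext = _xor(ciphertext, _keystream(key, nonce, len(ciphertext)))
        return ("processed", process(plaintext))                   # step 204
    other = find_other_device(registry, policy)                    # step 206
    if other is not None:
        return ("forwarded", other)                                # step 208
    # No running instance fits: request a new VM in an approved location.
    target = policy["approved"][0] if policy["approved"] else None
    return ("start_vm", target)


if __name__ == "__main__":
    KEY, NONCE = b"constructed-provisioned-key", b"\x00" * 12   # constructed
    msg = create_message(KEY, NONCE, b'{"temps": [20.0, 22.0, 24.0]}',
                         approved=["SE"], forbidden=["US"])
    registry = gossip_merge({}, {"vm-2": ("SE", 1), "vm-3": ("US", 2)})
    print(handle_received(msg, KEY, "SE", registry))       # processed locally
    print(handle_received(msg, KEY, "DE", registry))       # forwarded to vm-2
    tampered = dict(msg, metadata=b'{"approved": ["US"], "forbidden": []}')
    print(handle_received(tampered, KEY, "US", registry))  # rejected
```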
  • the systems and methods disclosed may provide several benefits. For instance, when the computing devices 10 are VMs controlled by a Cloud Services Provider (CSP), there may be less dependence on the CSP. Using the systems and methods disclosed, the CSP only has to guarantee the location of the VMs. Therefore, no special policy management support to launch a VM in a particular location is required from the CSP in some embodiments.
  • the data regulation is practically handled by the application itself. So, there is decreased or no burden on the CSP. This also means that the data owner does not have to trust or depend on the CSP for proper data handling policies in some embodiments. Additionally, using the systems and methods disclosed, a more granular location policy may be applied, as each piece of data may have its own location policy. Such a location policy may be prohibitively complex if implemented through the CSP alone. In some embodiments, it may be important to ensure the integrity of the application software running on the various computing devices 10. Since the application itself is maintaining the data governance policies, integrity protection of the application software makes sure that no attacker can make any changes to the application itself to violate the data policy. Also, secure distribution and installation of the application is important for ensuring this integrity.
  • the computing device 10 determines a geolocation of the computing device 10 (step 300). As will be discussed in more detail below, the geolocation of the computing device 10 may be determined via a Trusted Platform Module (TPM), a Virtual TPM (vTPM), or some other method.
  • TPM: Trusted Platform Module
  • the computing device 10 determines if the geolocation of the computing device 10 satisfies the location policy associated with the received data (step 302). As discussed above, this may include determining if the geolocation is included in a set of approved locations and/or not included in a set of forbidden locations.
  • the location policy associated with the received data is included as metadata with the received data.
  • the computing device 10 is a VM running on a host computing device.
  • the same application may be replicated across the VMs and be referred to as application instances.
  • Figure 5 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure.
  • when an application instance receives data to be processed, it first determines whether the application location is equal to the metadata location (step 400).
  • the metadata location is a location included in the metadata of the received data that indicates where the data is allowed to be processed. If the application location is equal to the metadata location, the data is processed (step 402). If the application location is not equal to the metadata location, the application instance finds an application instance in the preferred location (step 404). Then the data is sent to that application instance (step 406). Any of the previous variations on how to find an appropriate application instance running in a preferred location could also be applicable to this embodiment.
  • This scenario can be easily implemented using methods described in the previous figures. All that is needed to implement the described methods is for the data generated by the sensors or devices to be marked with a location policy in the metadata appropriately, and the rest will be handled by the computing devices 10, as they will determine if the location policy is satisfied before processing the data.
  • the location preference is configured by the company itself. These location preferences can be configured in the IoT devices during the provisioning or deployment phase or may be changeable, depending on the implementation.
  • the interaction with the CSP is reduced.
  • the data governance policy is implemented by the computing devices 10 themselves in ways that may be flexible and dynamic.
  • FIG. 6 is a diagram of a TPM 14 according to some embodiments of the present disclosure.
  • the TPM 14 may conform to an international standard for a secure cryptoprocessor.
  • TPM 14 generally offers facilities for the secure generation of cryptographic keys, and limitation of their use.
  • the TPM 14 may also include capabilities such as remote attestation and sealed storage.
  • Figure 6 shows that the TPM 14 includes a secured input/output 16 that allows the TPM 14 to interface with other aspects of a system.
  • TPM 14 also includes one or more cryptographic processors 18.
  • the cryptographic processor 18 is connected to a persistent memory 20 and a versatile memory 22.
  • the TPM 14 can be used to attest to the geolocation of the TPM 14. This may be accomplished in several ways which are beyond the scope of this disclosure.
  • FIGs 7A and 7B illustrate possible interactions between a computing device 10 and a TPM 14 according to some embodiments of the present disclosure.
  • a computing device 10 includes a TPM 14 directly. This computing device 10 may use the TPM 14 to determine its geolocation in order to determine if it satisfies a location policy.
  • in FIG. 7B, several computing devices 10-1 through 10-N are shown. In this embodiment, the computing devices 10 are connected to a hypervisor 24 that interacts with the physical hardware of a host computing device.
  • the computing devices 10-1 through 10-N include vTPMs 26-1 through 26-N. These vTPMs 26 communicate through the hypervisor 24 to communicate with a TPM 14 included in the physical hardware of the host computing device.
  • these computing devices 10-1 through 10-N are VMs. These VMs can use the vTPMs 26 to access the TPM 14 to attest the geolocation of the physical hardware.
  • Figure 7B is only one way of implementing a vTPM. The methods of ensuring that data is processed according to a location policy are not dependent on the method of implementing the vTPM or otherwise providing a way to attest the geolocation of a computing device 10.
  • a setup similar to Figure 7B may provide strong security measures to ensure trust in the location information of the VM so that it cannot be tampered with by software. Since the application is running on a VM and the VM can move/migrate at any time, according to some embodiments, a vTPM may provide strong trust in the location information.
  • Intel Trusted Execution Technology supports assigning a geolocation tag during its provisioning process for a server that acts as the host computing device for the VMs. This hardware-based TPM root of trust can be extended to build a software-based vTPM for an unlimited number of VMs.
  • vTPM gives a computing device 10 the opportunity to manage the data governance policy from the application itself without any management needed from the CSP.
  • the only thing the CSP has to provide is assurance that all the VMs are capable of using a vTPM with geo-tagging enabled.
  • FIG. 8 is a diagram of a computing device 10 according to some embodiments of the present disclosure.
  • the computing device 10 includes circuitry containing instructions, which when executed, cause the computing device 10 to implement the methods and functionality described herein.
  • the circuitry can be in the form of processing means which may include a processor and a memory containing instructions.
  • the computing device 10 includes at least one processor 28 and memory 30.
  • the computing device 10 also includes a
  • the computing device 10 or the functionality of the computing device 10 described with respect to any one of the embodiments described herein, is implemented in software that is stored in, e.g., the memory 30 and executed by the processor 28.
  • the communications interface 32 may include one or more components (e.g., network interface card(s)) that connect the computing device 10 to other systems.
  • a computer program including instructions which, when executed by the at least one processor 28, cause the at least one processor 28 to carry out the functionality of the computing device 10 according to any one of the embodiments described herein is provided.
  • a carrier containing the aforementioned computer program product is provided.
  • the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 30).
  • Figure 9 is a diagram of a data creation device 12 according to some embodiments of the present disclosure.
  • the data creation device 12 includes circuitry containing instructions, which when executed, cause the data creation device 12 to implement the methods and functionality described herein.
  • the circuitry can be in the form of processing means which may include a processor and a memory containing instructions.
  • the data creation device 12 includes at least one processor 34 and memory 36.
  • the data creation device 12 also includes a communications interface 38.
  • the data creation device 12, or the functionality of the data creation device 12 described with respect to any one of the embodiments described herein, is implemented in software that is stored in, e.g., the memory 36 and executed by the processor 34.
  • the communications interface 38 may include one or more components (e.g., network interface card(s)) that connect the data creation device 12 to other systems.
  • a computer program including instructions which, when executed by the at least one processor 34, cause the at least one processor 34 to carry out the functionality of the data creation device 12 according to any one of the embodiments described herein is provided.
  • a carrier containing the aforementioned computer program product is provided.
  • the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 36).
  • Figure 10 is a diagram of a computing device 10 including a data receiving module 40, a location determining module 42, and a data processing module 44 according to some embodiments of the present disclosure.
  • the data receiving module 40, the location determining module 42, and the data processing module 44 are each implemented in software that, when executed by a processor of the computing device 10, causes the computing device 10 to operate according to one of the embodiments described herein.
  • Figure 11 is a diagram of a data creation device 12 including a data creation module 46, a location policy module 48, a data encryption module 50, and a data transmitting module 52 according to some embodiments of the present disclosure.
  • the data creation module 46, the location policy module 48, the data encryption module 50, and the data transmitting module 52 are each implemented in software that, when executed by a processor of the data creation device 12, causes the data creation device 12 to operate according to one of the embodiments described herein.

Abstract

Systems and methods for data processing based on location preference are provided. In some embodiments, a method of operation of a computing device for providing data processing based on location includes receiving data to be processed; determining if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, processing the received data on the computing device. In some embodiments, this may reduce dependence on a Cloud Services Provider (CSP).

Description

DATA PROCESSING BASED ON LOCATION PREFERENCE
Technical Field
[0001] The present disclosure relates to data processing based on location preference.
Background
[0002] Data is being created at a staggering rate by various data creation devices such as credit card transactions, environmental monitoring, and personal health monitoring devices. As the amount of created data increases, so does the need to process the created data. In some instances, the data is not processed where it is created but at another location by some other computing device. This division may be caused by the type of processing required (e.g., calculating average temperatures across a geographic area), because of limitations in the hardware of the data creation device (e.g., sensors), or for any other reasons. In many cases, the computing device that will be processing the data may not be physically proximate to the data creation device and may even be distantly located. In some cases, these computing devices may be operating as Virtual Machines (VMs) running on a host computing device. Accessing computing devices remotely in this way is sometimes referred to as operating in the cloud or as cloud computing.
[0003] Governing the data in the cloud is one of the major issues for large enterprise organizations and for governments. Due to many legal rules, regulations, business policies, etc., data governance is one of the most challenging aspects to tackle when it comes to the cloud. This issue is hampering the adoption of cloud computing by many organizations such as large enterprise organizations and governments.
[0004] Data governance generally means managing the data according to a policy throughout the enterprise. It is a broad topic that can include many aspects of governing data in the cloud, such as managing, assessing, using, storing, monitoring, policy checking, compliance, etc. Many of the data governance policies are associated with geolocation related data governing issues. There has been a lot of research into geolocation related data governance. Many geolocation related regulations state that the data should not leave a specific geographical boundary, such as a particular country or continent. One way to satisfy these requirements is for a Cloud Services Provider (CSP) to be informed of the data governance policies and for the CSP to use a special policy management support mechanism to launch a VM in a particular location to process the data. This introduces a burden on the CSP, and this also requires the data owner to trust or depend on the CSPs for proper implementation of data handling policies. As such, systems and methods for data processing based on location preference are needed.
Summary
[0005] Systems and methods for data processing based on location preference are provided. In some embodiments, a method of operation of a computing device for providing data processing based on location includes receiving data to be processed; determining if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, processing the received data on the computing device. In some embodiments, this may reduce dependence on a Cloud Services Provider (CSP).
[0006] In some embodiments, the location policy associated with the received data is included as metadata with the received data.
[0007] In some embodiments, determining if the location policy associated with the received data is satisfied includes determining a geolocation of the computing device and determining if the geolocation of the computing device satisfies the location policy associated with the received data.
[0008] In some embodiments, determining if the geolocation of the computing device satisfies the location policy associated with the received data includes determining that the geolocation of the computing device is included in a set of approved locations in the location policy and/or not included in a set of forbidden locations in the location policy.
[0009] In some embodiments, determining the geolocation of the computing device includes determining the geolocation of the computing device by querying a Virtual Trusted Platform Module (vTPM).
[0010] In some embodiments, the method also includes, in response to determining that the location policy is not satisfied, determining another computing device that will satisfy the location policy, and in response to determining the other computing device that will satisfy the location policy, sending the data to be processed to the other computing device that will satisfy the location policy.
[0011] In some embodiments, determining the other computing device that will satisfy the location policy includes querying a centralized master application/database for the other computing device that will satisfy the location policy. In some embodiments, determining the other computing device that will satisfy the location policy includes querying a local database stored on the computing device for the other computing device that will satisfy the location policy. In some embodiments, the local database stored on the computing device is updated by receiving gossip protocol messages from one or more other computing devices.
[0012] In some embodiments, the method also includes, in response to determining that no other computing device will satisfy the location policy, causing a new computing device to become available that will satisfy the location policy. In some embodiments, causing the new computing device to become available comprises causing a Virtual Machine (VM) to be started that will satisfy the location policy.
[0013] In some embodiments, the received data is encrypted. In some embodiments, the computing device is a VM running on a host computing device.
[0014] In some embodiments, a method of operation of a data creation device for enabling data to be processed based on location includes creating data to be processed; associating a location policy with the created data; encrypting data to be processed; and sending the created data to a computing device.
[0015] In some embodiments, the location policy associated with the created data is included as metadata with the created data. In some embodiments, the location policy associated with the created data includes one or more of the group consisting of a set of approved locations and/or a set of forbidden locations.
[0016] In some embodiments, a computing device for providing data processing based on location is adapted to receive data to be processed; determine if the location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, process the received data on the computing device. In some embodiments, the computing device is adapted to perform any methods disclosed herein.
[0017] In some embodiments, a computer program includes instructions which, when executed on at least one processor, cause the at least one processor to carry out any methods disclosed herein. In some embodiments, the computer program is contained in a carrier where the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
[0018] In some embodiments, a computing device for providing data processing based on location includes a data receiving module operative to receive data to be processed; a location determining module operative to determine if the location policy associated with the received data is satisfied; and a data processing module operative to in response to determining that the location policy is satisfied, process the received data on the computing device.
[0019] In some embodiments, a computing device for providing data processing based on location includes a processor and memory containing instructions executable by the processor whereby the computing device is operative to receive data to be processed; determine if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, process the received data on the computing device.
[0020] In some embodiments, a data creation device for enabling data to be processed based on location is adapted to create data to be processed; associate a location policy with the created data; encrypt the created data; and send the created data to a computing device.
[0021] In some embodiments, a data creation device for enabling data to be processed based on location includes a data creation module operative to create data to be processed; a location policy module operative to associate a location policy with the created data; a data encryption module operative to encrypt the created data; and a data transmitting module operative to send the created data to a computing device.
[0022] In some embodiments, a data creation device for enabling data to be processed based on location includes a processor and memory containing instructions executable by the processor whereby the data creation device is operative to create data to be processed; associate a location policy with the created data; encrypt the created data; and send the created data to a computing device.
[0023] Those skilled in the art will appreciate the scope of the present disclosure and realize additional aspects thereof after reading the following detailed description of the embodiments in association with the accompanying drawing figures.
Brief Description of the Drawings
[0024] The accompanying drawing figures incorporated in and forming a part of this specification illustrate several aspects of the disclosure, and together with the description serve to explain the principles of the disclosure.
[0025] Figure 1 illustrates a network of running application instances in different locations according to some embodiments of the present disclosure;
[0026] Figure 2 is a flow chart illustrating a process for enabling data to be processed based on location according to some embodiments of the present disclosure;
[0027] Figure 3 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure;
[0028] Figure 4 is a flow chart illustrating a process for determining if a location policy is satisfied according to some embodiments of the present disclosure;
[0029] Figure 5 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure;
[0030] Figure 6 is a diagram of a Trusted Platform Module (TPM) according to some embodiments of the present disclosure;
[0031] Figures 7A and 7B illustrate possible interactions between a computing device and a TPM according to some embodiments of the present disclosure;
[0032] Figure 8 is a diagram of a computing device according to some embodiments of the present disclosure;
[0033] Figure 9 is a diagram of a data creation device according to some embodiments of the present disclosure;
[0034] Figure 10 is a diagram of a computing device including modules according to some embodiments of the present disclosure; and
[0035] Figure 11 is a diagram of a data creation device including modules according to some embodiments of the present disclosure.
Detailed Description
[0036] The embodiments set forth below represent information to enable those skilled in the art to practice the embodiments. Upon reading the following description in light of the accompanying drawing figures, those skilled in the art will understand the concepts of the disclosure and will recognize applications of these concepts not particularly addressed herein. It should be understood that these concepts and applications fall within the scope of the disclosure and the accompanying claims.
[0037] In some instances, data created by a data creation device is not processed where it is created but at another location by some other computing device. This division may be caused by the type of processing required (e.g., calculating average temperatures across a geographic area), because of limitations in the hardware of the data creation device (e.g., sensors), or for any other reasons. In many cases, the computing device that will be processing the data may not be physically proximate to the data creation device and may even be distantly located. Many geolocation related regulations state that the data should not leave a specific geographical boundary, such as a particular country or continent.
[0038] Figure 1 illustrates a network of running application instances in different locations according to some embodiments of the present disclosure. In this embodiment, each application instance is running on one or more computing devices 10-1 through 10-N (referred to herein as computing device 10 and computing devices 10). As shown in Figure 1, one or more data creation devices 12-1 through 12-N (referred to herein as data creation device 12 and data creation devices 12) are connected to various computing devices 10. For instance, data creation device 12-1 is shown as connected to computing device 10-N, while data creation device 12-2 is shown as connected to computing device 10-6. In some embodiments, the different computing devices 10 are interchangeable and are each capable of processing the created data. In some cases, these computing devices 10 may be operating as Virtual Machines (VMs) running on a host computing device. Figure 1 indicates that the computing devices 10 each have a location. Some or all of the computing devices 10 may be located in the same place. In other embodiments, some of these computing devices 10 may be physically separated from one or more of the other computing devices 10. Accessing computing devices remotely in this way is sometimes referred to as operating in the cloud or as cloud computing.
[0039] Many geolocation related regulations state that the data should not leave a specific geographical boundary, such as a particular country or continent. Figure 2 is a flow chart illustrating a process for enabling data to be processed based on location according to some embodiments of the present disclosure. First, a data creation device 12 creates data to be processed (step 100). The data creation device 12 then associates a location policy with the created data (step 102). In some embodiments, the location policy may include a set of approved locations where the created data may be processed and/or the location policy may include a set of forbidden locations where the created data may not be processed. This location policy may be included in metadata associated with the created data.
[0040] The data creation device 12 then encrypts the created data (step 104). In some embodiments the created data is encrypted to satisfy one or more data governance policies. For instance, some policies consider that encrypted data may be in a location that would otherwise be forbidden for the unencrypted data to be. Any encryption mechanism may be used, and the implementation specifics may be chosen by the manufacturer of the data creation device 12 or by an application on the data creation device 12. In some embodiments, techniques other than encryption may be used to protect the data. The data creation device 12 then sends the created data to a computing device 10 (step 106). Since there is encryption in use, a key handling mechanism is required. Many different approaches to manage the keys exist, and the approach chosen may depend on the use of the system and/or other factors. The approach taken is not important for the operation of the systems and methods disclosed herein, but the following is one possible implementation. The keys for the data creation devices 12 are burnt into the devices during the manufacturing or provisioning phase. With this, the data creation device 12 can encrypt and/or sign the data before sending it to a computing device 10, preferably the nearest one. Now, the computing device 10 may have the decryption key by itself or it may communicate with a trusted Key Distribution Center (KDC) to receive the key if it decides to decrypt the data. In the case where a KDC is used, there is a trust relationship between the computing device 10 and the KDC.
[0041] Even if the created data is encrypted, the metadata or location policy may be in plaintext or some other format accessible without decrypting the data. There should be some message integrity protection mechanism in place to protect the integrity of the location policy. Otherwise, an attacker may edit the location policy in the metadata and get it decrypted and/or processed in a place where it should not be decrypted.
[0042] Figure 3 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure. A computing device 10 receives data to be processed (step 200). In some embodiments, this received data may have been sent by a data creation device 12 in a manner such as described above in relation to Figure 2 and especially step 106. The computing device 10 then determines if a location policy associated with the received data is satisfied (step 202). One method of accomplishing this determination will be discussed in relation to Figure 4 below. If the location policy associated with the received data is satisfied, the computing device 10 proceeds to process the received data on the computing device 10 (step 204). The type of processing performed on the received data is application dependent. In this embodiment, the computing device 10 only processes the data if the location policy is satisfied. Additionally, the received data may be encrypted, such as during step 104 discussed in relation to Figure 2. If the received data is encrypted, the computing device 10 may wait to decrypt the received data until after it is determined that the location policy is satisfied. In this case, the received data is considered to not even be present on the computing device 10 while it is still encrypted. Since it is determined that the location policy is satisfied before the received data is decrypted, the received data is never processed by a computing device 10 that does not conform to the requirements of the location policy associated with the received data.
[0043] If the location policy associated with the received data is not satisfied, the computing device 10 does not process the received data on the computing device 10. If the received data is encrypted, the computing device 10 should not even decrypt the received data. To ensure that a piece of data always gets processed, there need to be some additional mechanisms added to the system. First of all, the application should be running in all the approved locations that are allowed to be listed in the location policy. Secondly, there needs to be a mechanism to track all the running application instances. This may be done in different ways. The computing device 10 determines an other computing device 10 that will satisfy the location policy (step 206). Determining the other computing device 10 may be accomplished by querying a centralized master application or database. This centralized master application or database may contain a list of each available computing device 10 and the current geolocation of each, according to some embodiments. The other computing device 10 may also be found via a gossip protocol where a local database stored on the computing device 10 is updated by receiving gossip protocol messages from one or more other computing devices 10. As used herein, a gossip protocol is any messaging protocol that passes information among the nodes, such as the computing devices 10, where many nodes may have incomplete information at a specific time, but after receiving a communication from another node, the nodes have information that is at least as complete as before. Failure to receive the messages is tolerated, and information is often transmitted to a node from several other nodes. Regardless of how the other computing device 10 that satisfies the location policy is determined, the computing device 10 sends the data to be processed to the other computing device 10 (step 208). Since the other computing device 10 satisfies the location policy, the other computing device 10 will be permitted to process the data.
[0044] If it is determined that no other computing device 10 will satisfy the location policy, the computing device 10 or some other appropriate node may cause a new computing device 10 to become available that will satisfy the location policy. In embodiments where the computing devices 10 are VMs, causing the new computing device 10 to become available may include causing a VM to be started that will satisfy the location policy.
[0045] The systems and methods disclosed may provide several benefits. For instance, when the computing devices 10 are VMs controlled by a Cloud Services Provider (CSP), there may be less dependence on the CSP. Using the systems and methods disclosed, the CSP only has to guarantee the location of the VMs. Therefore, no special policy management support to launch a VM in a particular location is required from the CSP in some embodiments. Also, the data regulation is practically handled by the application itself. So, there is decreased or no burden on the CSP. This also means that the data owner does not have to trust or depend on the CSP for proper data handling policies in some embodiments. Additionally, using the systems and methods disclosed, a more granular level location policy may be applied as each piece of data may have its own location policy. Such a location policy may be prohibitively complex if implemented through the CSP alone. In some embodiments, it may be important to ensure the integrity of the application software running on the various computing devices 10. Since the application itself is maintaining the data governance policies, integrity protection of the application software makes sure that no attacker can make any changes to the application itself to violate the data policy. Also, secure distribution and installation of the application is important for ensuring this integrity.
[0046] One way of determining if a location policy is satisfied on a computing device 10 is shown in Figure 4. This process can be included as the determining step 202 discussed in relation to Figure 3 or may be performed for other reasons. First, the computing device 10 determines a geolocation of the computing device 10 (step 300). As will be discussed in more detail below, the geolocation of the computing device 10 may be determined via a Trusted Platform Module (TPM), a Virtual TPM (vTPM), or some other method. Next, the computing device 10 determines if the geolocation of the computing device 10 satisfies the location policy associated with the received data (step 302). As discussed above, this may include determining if the geolocation is included in a set of approved locations and/or not included in a set of forbidden locations. In some embodiments, the location policy associated with the received data is included as metadata with the received data.
[0047] In some embodiments, the computing device 10 is a VM running on a host computing device. In these embodiments, the same application may be replicated across the VMs and be referred to as application instances. Figure 5 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure. When an application instance receives data to be processed, it first determines whether the application location is equal to the metadata location (step 400). In this embodiment, the metadata location is a location included in the metadata of the received data that indicates where the data is allowed to be processed. If the application location is equal to the metadata location, the data is processed (step 402). If the application location is not equal to the metadata location, the application instance finds an application instance in the preferred location (step 404). Then the data is sent to that application instance (step 406). Any of the previous variations on how to find an appropriate application instance running in a preferred location could also be applicable to this embodiment.
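The flow of Figures 2 through 5 ([0039] to [0047]) as an added example that is not part of the patent: a data creation device attaches the location policy as plaintext metadata, encrypts the payload, and tags policy and ciphertext together so the policy cannot be edited undetected ([0041]); a computing device verifies the tag, checks its geolocation against the policy before decrypting, and otherwise forwards the still-encrypted message to a compliant instance found in a centralized registry ([0043]). The shared key, the registry, the geolocation attribute (standing in for a TPM/vTPM attestation) and the HMAC-based stream cipher are constructed assumptions; a deployment would use a standard AEAD and an attested location.

```python
import hashlib
import hmac
import json
import os

# Constructed example key: the patent assumes device keys are burnt in at
# provisioning and held (or obtained from a KDC) by the computing devices.
DEVICE_KEY = bytes.fromhex("00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff")


def _derive(key: bytes, label: bytes) -> bytes:
    """Split the one shared key into separate encryption and MAC keys."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode used as a stream cipher (stand-in for an AEAD)."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _canonical_policy(policy: dict) -> bytes:
    # Sender and receiver must MAC the same byte representation of the policy.
    return json.dumps(policy, sort_keys=True).encode()


def create_message(key: bytes, payload: bytes, approved=(), forbidden=()) -> dict:
    """Data creation device, Figure 2 steps 100-106: associate a location policy
    (plaintext metadata), encrypt the payload, and tag policy + nonce + ciphertext
    so the policy cannot be modified without detection ([0041])."""
    policy = {"approved": sorted(approved), "forbidden": sorted(forbidden)}
    nonce = os.urandom(16)
    ct = _xor(payload, _keystream(_derive(key, b"enc"), nonce, len(payload)))
    tag = hmac.new(_derive(key, b"mac"), _canonical_policy(policy) + nonce + ct,
                   hashlib.sha256).digest()
    return {"policy": policy, "nonce": nonce.hex(), "ciphertext": ct.hex(), "tag": tag.hex()}


def verify_tag(key: bytes, msg: dict) -> tuple:
    """Encrypt-then-MAC check; must pass before the plaintext policy is trusted at all."""
    nonce, ct = bytes.fromhex(msg["nonce"]), bytes.fromhex(msg["ciphertext"])
    expected = hmac.new(_derive(key, b"mac"), _canonical_policy(msg["policy"]) + nonce + ct,
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, bytes.fromhex(msg["tag"])):
        raise ValueError("integrity check failed: location policy or ciphertext was modified")
    return nonce, ct


def decrypt(key: bytes, msg: dict) -> bytes:
    nonce, ct = verify_tag(key, msg)
    return _xor(ct, _keystream(_derive(key, b"enc"), nonce, len(ct)))


def policy_satisfied(policy: dict, geolocation: str) -> bool:
    """Figure 4 step 302: in the approved set (when one is given) and not in the forbidden set."""
    if policy["approved"] and geolocation not in policy["approved"]:
        return False
    return geolocation not in policy["forbidden"]


class ComputingDevice:
    """One application instance (computing device 10), e.g. a VM in one region."""

    def __init__(self, name: str, geolocation: str, key: bytes, registry: dict):
        self.name, self.key, self.processed = name, key, []
        self._geolocation = geolocation  # constructed; a deployment would attest this via a TPM/vTPM
        self.registry = registry         # centralized master database of instances ([0043])
        registry[name] = self

    def geolocation(self) -> str:
        return self._geolocation

    def receive(self, msg: dict) -> str:
        """Figure 3 steps 200-208; returns the name of the instance that processed the data."""
        verify_tag(self.key, msg)                                   # policy integrity first
        if policy_satisfied(msg["policy"], self.geolocation()):     # step 202
            self.processed.append(decrypt(self.key, msg))           # step 204: decrypt only now
            return self.name
        for other in self.registry.values():                        # step 206
            if other is not self and policy_satisfied(msg["policy"], other.geolocation()):
                return other.receive(msg)                           # step 208: forward encrypted
        raise LookupError("no instance satisfies the policy; a new VM would be started ([0044])")
```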
[0048] As one example of how the methods described in the previous figures may be used, consider a scenario where, in the Internet of Things (IoT) world, a company collects data from all sorts of sensors or devices (data creation devices 12) from various places in the world. All of these sensors or devices send encrypted and perhaps integrity protected data to the cloud where the company runs its application for processing that data (computing devices 10). Since it is a worldwide company, it runs its application in different geographic locations in the cloud. Now, this company may consider some type of data to be more valuable and desire that data to be processed only in certain locations. Similarly, the restrictions may be due to regulations (e.g. health sensor data).
[0049] This scenario can be easily implemented using methods described in the previous figures. All that is needed to implement the described methods is for the data generated by the sensors or devices to be marked with a location policy in the metadata appropriately, and the rest will be handled by the computing devices 10, as they will determine if the location policy is satisfied before processing the data. In this scenario, the location preference is configured by the company itself. These location preferences can be configured in the IoT devices during the provisioning or deployment phase or may be changeable, depending on the implementation.
[0050] As another example, consider a scenario where a company sells personal health devices worldwide that monitor personal health information. Whenever these devices are connected to the Internet, they send encrypted data to the company's server for processing. Now, assume there is a regulation stating that the health related information of a person could only be processed within a person's country of nationality. The company is running its server application worldwide, and people moving to different countries makes it very difficult to manage this data governance policy. However, using the methods described in the previous figures, the data governance becomes a trivial problem. In this scenario, all the health devices just have to include the location preference for processing the data within the metadata when they send it to the server. Now the server application can check where it can process this particular piece of data and handle it accordingly. In this scenario, each individual user may set the location preference. Therefore, the company selling the device has to provide a way to make this configurable by the user.
[0051] In both of the scenarios discussed above, the interaction with the CSP is reduced. Instead of relying on the CSP to implement the data governance policy, which may require extensive communication with the CSP, the data governance policy is implemented by the computing devices 10 themselves in ways that may be flexible and dynamic.
[0052] As discussed above, one way for a computing device 10 to determine its location is to use a TPM. Figure 6 is a diagram of a TPM 14 according to some embodiments of the present disclosure. The TPM 14 may conform to an international standard for a secure cryptoprocessor. TPM 14 generally offers facilities for the secure generation of cryptographic keys, and limitation of their use. The TPM 14 may also include capabilities such as remote attestation and sealed storage. Figure 6 shows that the TPM 14 includes a secured input/output 16 that allows the TPM 14 to interface with other aspects of a system. TPM 14 also includes one or more cryptographic processors 18. The cryptographic processor 18 is connected to a persistent memory 20 and a versatile memory 22. In some embodiments, the TPM 14 can be used to attest to the geolocation of the TPM 14. This may be accomplished in several ways which are beyond the scope of this disclosure.
[0053] Figures 7A and 7B illustrate possible interactions between a computing device 10 and a TPM 14 according to some embodiments of the present disclosure. In Figure 7A, a computing device 10 includes a TPM 14 directly. This computing device 10 may use the TPM 14 to determine its geolocation in order to determine if it satisfies a location policy. In Figure 7B, several computing devices 10-1 through 10-N are shown. In this embodiment, the computing devices 10 are connected to a hypervisor 24 that interacts with the physical hardware of a host computing device. In this example, the computing devices 10-1 through 10-N include vTPMs 26-1 through 26-N. These vTPMs 26 communicate through the hypervisor 24 to communicate with a TPM 14 included in the physical hardware of the host computing device. In some embodiments, these computing devices 10-1 through 10-N are VMs. These VMs can use the vTPMs 26 to access the TPM 14 to attest the geolocation of the physical hardware. Figure 7B is only one way of implementing a vTPM. The methods of ensuring that data is processed according to a location policy are not dependent on the method of implementing the vTPM or otherwise providing a way to attest the geolocation of a computing device 10.
[0054] A setup similar to Figure 7B may provide strong security measures to ensure the trust in the location information of the VM so that it cannot be tampered with by software. Since the application is running on a VM and the VM can move/migrate at any time, according to some embodiments, a vTPM may ensure the strong trust on the location information. For example, Intel Trusted Execution Technology (TXT) has the support for assigning a geolocation tag during its provisioning process for a server that acts as the host computing device for the VMs. This hardware-based TPM root of trust can be extended to build a software-based vTPM for an unlimited number of VMs. The use of vTPM gives a computing device 10 the opportunity to manage the data governance policy from the application itself without any management needed from the CSP. The only thing that the CSP has to provide is to ensure that all the VMs are capable of using a vTPM with geo-tagging enabled.
[0055] Figure 8 is a diagram of a computing device 10 according to some embodiments of the present disclosure. In some embodiments, the computing device 10 includes circuitry containing instructions, which when executed, cause the computing device 10 to implement the methods and functionality described herein. In one example, the circuitry can be in the form of processing means which may include a processor and a memory containing instructions. As illustrated, the computing device 10 includes at least one processor 28 and memory 30. As illustrated, the computing device 10 also includes a
communications interface 32. In some embodiments, the computing device 10, or the functionality of the computing device 10 described with respect to any one of the embodiments described herein, is implemented in software that is stored in, e.g., the memory 30 and executed by the processor 28. The communications interface 32 may include one or more components (e.g., network interface card(s)) that connect the computing device 10 to other systems.
[0056] In some embodiments, a computer program including instructions which, when executed by the at least one processor 28, cause the at least one processor 28 to carry out the functionality of the computing device 10 according to any one of the embodiments described herein is provided. In some embodiments, a carrier containing the aforementioned computer program product is provided. The carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 30).
[0057] Figure 9 is a diagram of a data creation device 12 according to some embodiments of the present disclosure. In some embodiments, the data creation device 12 includes circuitry containing instructions, which when executed, cause the data creation device 12 to implement the methods and functionality described herein. In one example, the circuitry can be in the form of processing means which may include a processor and a memory containing instructions. As illustrated, the data creation device 12 includes at least one processor 34 and memory 36. As illustrated, the data creation device 12 also includes a communications interface 38. In some embodiments, the data creation device 12, or the functionality of the data creation device 12 described with respect to any one of the embodiments described herein, is implemented in software that is stored in, e.g., the memory 36 and executed by the processor 34. The communications interface 38 may include one or more components (e.g., network interface card(s)) that connect the data creation device 12 to other systems.
[0058] In some embodiments, a computer program including instructions which, when executed by the at least one processor 34, cause the at least one processor 34 to carry out the functionality of the data creation device 12 according to any one of the embodiments described herein is provided. In some embodiments, a carrier containing the aforementioned computer program product is provided. The carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 36).
[0059] Figure 10 is a diagram of a computing device 10 including a data receiving module 40, a location determining module 42, and a data processing module 44 according to some embodiments of the present disclosure. The data receiving module 40, the location determining module 42, and the data processing module 44 are each implemented in software that, when executed by a processor of the computing device 10, causes the computing device 10 to operate according to one of the embodiments described herein.
[0060] Figure 11 is a diagram of a data creation device 12 including a data creation module 46, a location policy module 48, a data encryption module 50, and a data transmitting module 52 according to some embodiments of the present disclosure. The data creation module 46, the location policy module 48, the data encryption module 50, and the data transmitting module 52 are each implemented in software that, when executed by a processor of the data creation device 12, causes the data creation device 12 to operate according to one of the embodiments described herein.
[0061] The following acronyms are used throughout this disclosure.
CSP Cloud Services Provider
IEC International Electrotechnical Commission
IoT Internet of Things
ISO International Organization for Standardization
KDC Key Distribution Center
TPM Trusted Platform Module
TXT Trusted Execution Technology
VM Virtual Machine
vTPM Virtual Trusted Platform Module
[0062] Those skilled in the art will recognize improvements and modifications to the embodiments of the present disclosure. All such improvements and modifications are considered within the scope of the concepts disclosed herein and the claims that follow.

Claims

What is claimed is:
1. A method of operation of a computing device (10) for providing data processing based on location comprising:
receiving (200) data to be processed;
determining (202) if a location policy associated with the received data is satisfied; and
in response to determining that the location policy is satisfied, processing (204) the received data on the computing device (10).
2. The method of claim 1 wherein the location policy associated with the received data is included as metadata with the received data.
3. The method of any of claims 1 through 2 wherein determining if the location policy associated with the received data is satisfied comprises:
determining (300) a geolocation of the computing device (10); and
determining (302) if the geolocation of the computing device (10) satisfies the location policy associated with the received data.
4. The method of claim 3 wherein determining if the geolocation of the computing device (10) satisfies the location policy associated with the received data comprises determining that the geolocation of the computing device (10) is included in a set of approved locations in the location policy and/or not included in a set of forbidden locations in the location policy.
5. The method of any of claims 3 through 4 wherein determining the geolocation of the computing device (10) comprises determining the geolocation of the computing device (10) by querying a Virtual Trusted Platform Module, vTPM (26).
6. The method of any of claims 1 through 5 further comprising:
in response to determining that the location policy is not satisfied, determining (206) another computing device (10) that will satisfy the location policy;
in response to determining the other computing device (10) that will satisfy the location policy, sending (208) the data to be processed to the other computing device (10) that will satisfy the location policy.
7. The method of claim 6 wherein determining the other computing device (10) that will satisfy the location policy comprises querying a centralized master application or database for the other computing device (10) that will satisfy the location policy.
8. The method of claim 6 wherein determining the other computing device (10) that will satisfy the location policy comprises querying a local database stored on the computing device (10) for the other computing device (10) that will satisfy the location policy.
9. The method of claim 8 wherein the local database stored on the computing device (10) is updated by receiving gossip protocol messages from one or more other computing devices (10).
10. The method of any of claims 6 through 9 further comprising:
in response to determining that no other computing device (10) will satisfy the location policy, causing a new computing device (10) to become available that will satisfy the location policy.
11. The method of claim 10 wherein causing the new computing device (10) to become available comprises causing a Virtual Machine, VM, to be started that will satisfy the location policy.
12. The method of any of claims 1 through 11 wherein the received data is encrypted.
13. The method of any of claims 1 through 12 wherein the computing device (10) is a Virtual Machine, VM, running on a host computing device (10).
14. A method of operation of a data creation device (12) for enabling data to be processed based on location comprising:
creating (100) data to be processed;
associating (102) a location policy with the created data;
encrypting (104) data to be processed; and
sending (106) the created data to a computing device (10).
15. The method of claim 14 wherein the location policy associated with the created data is included as metadata with the created data.
16. The method of any of claims 14 through 15 wherein the location policy associated with the created data comprises one or more of the group consisting of a set of approved locations and/or a set of forbidden locations.
17. A computing device (10) for providing data processing based on location adapted to:
receive data to be processed;
determine if a location policy associated with the received data is satisfied; and
in response to determining that the location policy is satisfied, process the received data on the computing device (10).
18. The computing device (10) of claim 17 adapted to perform the method of any of claims 1 through 13.
19. A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out the method according to any one of claims 1 through 13.
20. A carrier containing the computer program of claim 19, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
21. A computing device (10) for providing data processing based on location comprising:
a data receiving module (40) operative to receive data to be processed;
a location determining module (42) operative to determine if a location policy associated with the received data is satisfied; and
a data processing module (44) operative to in response to determining that the location policy is satisfied, process the received data on the computing device (10).
22. A computing device (10) for providing data processing based on location comprising:
a processor (28); and
memory (30) containing instructions executable by the processor (28) whereby the computing device (10) is operative to:
receive data to be processed;
determine if a location policy associated with the received data is satisfied; and
in response to determining that the location policy is satisfied, process the received data on the computing device (10).
23. A data creation device (12) for enabling data to be processed based on location adapted to:
create data to be processed;
associate a location policy with the created data;
encrypt the created data; and
send the created data to a computing device (10).
24. The data creation device (12) of claim 23 adapted to perform the method of any of claims 15 through 16.
25. A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out the method according to any one of claims 14 through 16.
26. A carrier containing the computer program of claim 25, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
27. A data creation device (12) for enabling data to be processed based on location comprising:
a data creation module (46) operative to create data to be processed;
a location policy module (48) operative to associate a location policy with the created data;
a data encryption module (50) operative to encrypt the created data; and
a data transmitting module (52) operative to send the created data to a computing device (10).
28. A data creation device (12) for enabling data to be processed based on location comprising:
a processor (34); and
memory (36) containing instructions executable by the processor (34) whereby the data creation device (12) is operative to:
create data to be processed;
associate a location policy with the created data;
encrypt the created data; and
send the created data to a computing device (10).
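The two sides of claims 1 through 16 (a data creation device that attaches a location policy as metadata, encrypts and sends; a computing device that checks the policy against its own geolocation and then processes, forwards, or asks for a new VM) can be exercised end to end in a small Python model. The code below is an added illustration and is not the patent's or Ericsson's code. It assumes: a 32-byte key shared between the creation device and the processing devices (standing in for the KDC the disclosure names but does not detail); an HMAC-SHA256 keystream as a dependency-free stand-in for a real AEAD such as AES-GCM; the device's geolocation passed in as a parameter in place of the vTPM query of claim 5; a dictionary of peer geolocations in place of the local database of claim 8; and constructed two-letter location codes. The check order is the security-relevant part: the clear-text policy is authenticated together with the ciphertext, and that tag is verified before the policy is evaluated, so a stripped or edited policy is rejected rather than honoured.

```python
"""Location-policy gated processing (added illustration, not the patent's code)."""
import hashlib
import hmac
import json
import os


def _subkey(key: bytes, label: bytes) -> bytes:
    # Derive separate encryption and MAC keys from the one shared key (an
    # assumption standing in for the KDC the disclosure mentions).
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream_xor(enc_key: bytes, nonce: bytes, data: bytes) -> bytes:
    # CTR-style keystream from HMAC-SHA256(enc_key, nonce || counter): a
    # dependency-free stand-in for AES-GCM. XOR makes it its own inverse.
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(enc_key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _canonical(metadata: dict) -> bytes:
    # Canonical JSON so sender and receiver authenticate identical bytes.
    return json.dumps(metadata, sort_keys=True, separators=(",", ":")).encode()


def _tag(key: bytes, metadata: dict, ciphertext: bytes) -> str:
    return hmac.new(_subkey(key, b"mac"), _canonical(metadata) + ciphertext, hashlib.sha256).hexdigest()


def create_data_object(key: bytes, payload: bytes, approved=(), forbidden=()) -> dict:
    """Data creation device (claims 14-16): policy as metadata, encrypt, authenticate."""
    nonce = os.urandom(12)
    ciphertext = _keystream_xor(_subkey(key, b"enc"), nonce, payload)
    metadata = {"policy": {"approved": sorted(approved), "forbidden": sorted(forbidden)},
                "nonce": nonce.hex()}
    # Encrypt-then-MAC over metadata and ciphertext: the policy must stay readable
    # for the processing device to evaluate it, but must not be strippable or edited.
    return {"metadata": metadata, "ciphertext": ciphertext.hex(),
            "tag": _tag(key, metadata, ciphertext)}


def policy_satisfied(policy: dict, geolocation: str) -> bool:
    """Claim 4: not in the forbidden set, and in the approved set when one is given."""
    if geolocation in policy.get("forbidden", []):
        return False
    approved = policy.get("approved", [])
    return not approved or geolocation in approved


def compliant_location(policy: dict):
    # Claims 10-11: where to start a new VM; None if the policy lists no approved set.
    for loc in policy.get("approved", []):
        if loc not in policy.get("forbidden", []):
            return loc
    return None


def handle_data(obj: dict, key: bytes, local_geolocation: str, peers: dict) -> tuple:
    """Computing device (claims 1, 3, 4, 6, 10): verify, then process, forward, or start a VM.

    local_geolocation stands in for the vTPM query of claim 5; peers maps peer
    name to geolocation as the local database of claim 8 would.
    """
    ciphertext = bytes.fromhex(obj["ciphertext"])
    if not hmac.compare_digest(_tag(key, obj["metadata"], ciphertext), obj["tag"]):
        return ("reject", "metadata or payload fails authentication")
    policy = obj["metadata"]["policy"]
    if policy_satisfied(policy, local_geolocation):
        nonce = bytes.fromhex(obj["metadata"]["nonce"])
        return ("processed", _keystream_xor(_subkey(key, b"enc"), nonce, ciphertext))
    for name in sorted(peers):
        if policy_satisfied(policy, peers[name]):
            return ("forwarded", name)
    return ("start_vm", compliant_location(policy))


def demo() -> dict:
    # Constructed sample: a record allowed in SE or FI and forbidden in US.
    key = bytes(range(32))
    obj = create_data_object(key, b"payroll-record-42", approved={"SE", "FI"}, forbidden={"US"})
    edited = dict(obj)  # same tag, but the clear-text policy now also lists DE
    edited["metadata"] = {"policy": {"approved": ["DE", "FI", "SE"], "forbidden": ["US"]},
                          "nonce": obj["metadata"]["nonce"]}
    return {
        "local": handle_data(obj, key, "SE", {}),
        "forward": handle_data(obj, key, "US", {"vm-de": "DE", "vm-fi": "FI"}),
        "new_vm": handle_data(obj, key, "DE", {"vm-us": "US"}),
        "edited": handle_data(edited, key, "DE", {}),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, "->", outcome)
```

Running the module walks through the four outcomes: local processing when the device's own location satisfies the policy, forwarding to the first peer that does, a request for a new VM in a compliant location when no peer qualifies, and rejection of an object whose policy was changed after it was tagged. A deployment would replace the HMAC keystream with an authenticated cipher and source the geolocation from the vTPM, but the ordering (authenticate, then evaluate, then decrypt) is what keeps the policy metadata from becoming the weakest link.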
Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/SE2015/050750 (WO2016209134A1, en) 2015-06-26 2015-06-26 Data processing based on location preference

Publications (1)

Publication Number Publication Date
WO2016209134A1 (en) 2016-12-29

Family

ID=53682767

Country Status (1)

Country Link
WO (1) WO2016209134A1 (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120159156A1 (en) * 2010-12-20 2012-06-21 Microsoft Corporation Tamper proof location services
WO2015006798A1 (en) * 2013-07-15 2015-01-22 Cocoon Data Holdings Limited Secure data object generation and management

Non-Patent Citations (1)

Title
PALADI NICOLAE ET AL: "Trusted Geolocation-Aware Data Placement in Infrastructure Clouds", 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS, IEEE, 24 September 2014 (2014-09-24), pages 352 - 360, XP032725034, DOI: 10.1109/TRUSTCOM.2014.47 *

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 15739353; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 15739353; Country of ref document: EP; Kind code of ref document: A1)