WO2016209134A1 - Data processing based on location preference - Google Patents
- Publication number
- WO2016209134A1 (PCT/SE2015/050750)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- data
- computing device
- location
- location policy
- determining
- Prior art date
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/107—Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/10—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM]
- G06F21/101—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities
- G06F21/1013—Protecting distributed programs or content, e.g. vending or licensing of copyrighted material ; Digital rights management [DRM] by binding digital rights to specific entities to locations
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6209—Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2111—Location-sensitive, e.g. geographical location, GPS
Definitions
- the present disclosure relates to data processing based on location preference.
- Data is being created at a staggering rate by various data creation devices such as credit card transactions, environmental monitoring, and personal health monitoring devices. As the amount of created data increases, so does the need to process the created data. In some instances, the data is not processed where it is created but at another location by some other computing device. This division may be caused by the type of processing required (e.g., calculating average temperatures across a geographic area), because of limitations in the hardware of the data creation device (e.g., sensors), or for any other reasons. In many cases, the computing device that will be processing the data may not be physically proximate to the data creation device and may even be distantly located. In some cases, these computing devices may be operating as Virtual Machines (VMs) running on a host computing device. Accessing computing devices remotely in this way is sometimes referred to as operating in the cloud or as cloud computing.
- VMs Virtual Machines
- Data governance generally means managing the data according to a policy throughout the enterprise. It is a broad topic that can include many aspects of governing data in the cloud, such as managing, assessing, using, storing, monitoring, policy checking, compliance, etc. Many of the data governance policies are associated with geolocation related data governing issues. There has been a lot of research into geolocation related data
- CSP Cloud Services Provider
- a method of operation of a computing device for providing data processing based on location includes receiving data to be processed; determining if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, processing the received data on the computing device. In some embodiments, this may reduce dependence on a Cloud Services Provider (CSP).
- the location policy associated with the received data is included as metadata with the received data.
- determining if the location policy associated with the received data is satisfied includes determining a geolocation of the computing device and determining if the geolocation of the computing device satisfies the location policy associated with the received data.
- determining if the geolocation of the computing device satisfies the location policy associated with the received data includes determining that the geolocation of the computing device is included in a set of approved locations in the location policy and/or not included in a set of forbidden locations in the location policy.
- determining the geolocation of the computing device includes determining the geolocation of the computing device by querying a Virtual Trusted Platform Module (vTPM).
- vTPM Virtual Trusted Platform Module
- the method also includes, in response to determining that the location policy is not satisfied, determining another computing device that will satisfy the location policy, and in response to determining the other computing device that will satisfy the location policy, sending the data to be processed to the other computing device that will satisfy the location policy.
- determining the other computing device that will satisfy the location policy includes querying a centralized master
- determining the other computing device that will satisfy the location policy includes querying a local database stored on the computing device for the other computing device that will satisfy the location policy.
- the local database stored on the computing device is updated by receiving gossip protocol messages from one or more other computing devices.
- the method also includes, in response to determining that no other computing device will satisfy the location policy, causing a new computing device to become available that will satisfy the location policy.
- causing the new computing device to become available comprises causing a Virtual Machine (VM) to be started that will satisfy the location policy.
- VM Virtual Machine
- the received data is encrypted.
- the computing device is a VM running on a host computing device.
- a method of operation of a data creation device for enabling data to be processed based on location includes creating data to be processed; associating a location policy with the created data; encrypting data to be processed; and sending the created data to a computing device.
- the location policy associated with the created data is included as metadata with the created data. In some embodiments, the location policy associated with the created data includes one or more of the group consisting of a set of approved locations and/or a set of forbidden locations.
- a computing device for providing data processing based on location is adapted to receive data to be processed
- the computing device is adapted to perform any methods disclosed herein.
- a computer program includes instructions which, when executed on at least one processor, cause the at least one processor to carry out any methods disclosed herein.
- the computer program is contained in a carrier where the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
- a computing device for providing data processing based on location includes a data receiving module operative to receive data to be processed; a location determining module operative to determine if the location policy associated with the received data is satisfied; and a data processing module operative to in response to determining that the location policy is satisfied, process the received data on the computing device.
- a computing device for providing data processing based on location includes a processor and memory containing instructions executable by the processor whereby the computing device is operative to receive data to be processed; determine if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, process the received data on the computing device.
- a data creation device for enabling data to be processed based on location is adapted to create data to be processed
- a data creation device for enabling data to be processed based on location includes a data creation module operative to create data to be processed; a location policy module operative to associate a location policy with the created data; a data encryption module operative to encrypt the created data; and a data transmitting module operative to send the created data to a computing device.
- a data creation device for enabling data to be processed based on location includes a processor and memory containing instructions executable by the processor whereby the data creation device is operative to create data to be processed; associate a location policy with the created data; encrypt the created data; and send the created data to a computing device.
- Figure 1 illustrates a network of running application instances in different locations according to some embodiments of the present disclosure
- Figure 2 is a flow chart illustrating a process for enabling data to be processed based on location according to some embodiments of the present disclosure
- Figure 3 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure
- Figure 4 is a flow chart illustrating a process for determining if a location policy is satisfied according to some embodiments of the present disclosure
- Figure 5 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure
- FIG. 6 is a diagram of a Trusted Platform Module (TPM) according to some embodiments of the present disclosure
- Figures 7A and 7B illustrate possible interactions between a computing device and a TPM according to some embodiments of the present disclosure
- Figure 8 is a diagram of a computing device according to some embodiments of the present disclosure.
- Figure 9 is a diagram of a data creation device according to some embodiments of the present disclosure.
- Figure 10 is a diagram of a computing device including modules according to some embodiments of the present disclosure.
- Figure 11 is a diagram of a data creation device including modules according to some embodiments of the present disclosure.
- data created by a data creation device is not processed where it is created but at another location by some other computing device.
- This division may be caused by the type of processing required (e.g., calculating average temperatures across a geographic area), because of limitations in the hardware of the data creation device (e.g., sensors), or for any other reasons.
- the computing device that will be processing the data may not be physically proximate to the data creation device and may even be distantly located.
- Many geolocation related regulations state that the data should not leave a specific geographical boundary, such as a particular country or continent.
- FIG. 1 illustrates a network of running application instances in different locations according to some embodiments of the present disclosure.
- each application instance is running on one or more computing devices 10-1 through 10-N (referred to herein as computing device 10 and computing devices 10).
- one or more data creation devices 12-1 through 12-N (referred to herein as data creation device 12 and data creation devices 12) are connected to various computing devices 10.
- data creation device 12-1 is shown as connected to computing device 10-N
- data creation device 12-2 is shown as connected to computing device 10-6.
- the different computing devices 10 are interchangeable and are each capable of processing the created data.
- these computing devices 10 may be operating as Virtual Machines (VMs) running on a host computing device.
- Figure 1 indicates that the computing devices 10 each have a location. Some or all of the computing devices 10 may be located in the same place. In other embodiments, some of these computing devices 10 may be physically separated from one or more of the other computing devices 10. Accessing computing devices remotely in this way is sometimes referred to as operating in the cloud or as cloud computing.
- Figure 2 is a flow chart illustrating a process for enabling data to be processed based on location according to some embodiments of the present disclosure.
- a data creation device 12 creates data to be processed (step 100).
- the data creation device 12 associates a location policy with the created data (step 102).
- the location policy may include a set of approved locations where the created data may be processed and/or the location policy may include a set of forbidden locations where the created data may not be processed. This location policy may be included in metadata associated with the created data.
- the data creation device 12 then encrypts the created data (step 104).
- the created data is encrypted to satisfy one or more data governance policies. For instance, some policies consider that encrypted data may be in a location that would otherwise be forbidden for the unencrypted data to be. Any encryption mechanism may be used, and the implementation specifics may be chosen by the manufacturer of the data creation device 12 or by an application on the data creation device 12. In some embodiments, techniques other than encryption may be used to protect the data.
- the data creation device 12 then sends the created data to a computing device 10 (step 106). Since there is encryption in use, a key handling mechanism is required. Many different approaches to manage the keys exist, and the approach chosen may depend on the use of the system and/or other factors.
- the keys for the data creation devices 12 are burnt into the devices during the manufacturing or provisioning phase. With this, the data creation device 12 can encrypt and/or sign the data before sending it to, preferably the nearest, computing device 10. Now, the computing device 10 may have the decryption key by itself or it may communicate with a trusted Key Distribution Center (KDC) to receive the key if it decides to decrypt the data. In the case where a KDC is used, there is a trust relationship between the computing device 10 and the KDC.
- KDC Key Distribution Center
- the metadata or location policy may be in plaintext or some other format accessible without decrypting the data. There should be some message integrity protection mechanism in place to protect the integrity of the location policy. Otherwise, an attacker may edit the location policy in the metadata and get it decrypted and/or processed in a place where it should not be decrypted.
- FIG. 3 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure.
- a computing device 10 receives data to be processed (step 200). In some embodiments, this received data may have been sent by a data creation device 12 in a manner such as described above in relation to Figure 2 and especially step 106.
- the computing device 10 determines if a location policy associated with the received data is satisfied (step 202). One method of accomplishing this determination will be discussed in relation to Figure 4 below. If the location policy associated with the received data is satisfied, the computing device 10 proceeds to process the received data on the computing device 10 (step 204). The type of processing performed on the received data is application dependent. In this embodiment, the computing device 10 only processes the data if the location policy is satisfied.
- the received data may be encrypted, such as during step 104 discussed in relation to Figure 2. If the received data is encrypted, the computing device 10 may wait to decrypt the received data until after it is determined that the location policy is satisfied. In this case, the received data is considered to not even be present on the computing device 10 while it is still encrypted. Since it is determined that the location policy is satisfied before the received data is decrypted, the received data is never processed by a computing device 10 that does not conform to the requirements of the location policy associated with the received data.
- if the location policy is not satisfied, the computing device 10 determines another computing device 10 that will satisfy the location policy (step 206). Determining the other computing device 10 may be accomplished by querying a centralized master application or database.
- This centralized master application or database may contain a list of each available computing device 10 and the current geolocation of each, according to some embodiments.
- the other computing device 10 may also be found via a gossip protocol where a local database stored on the computing device 10 is updated by receiving gossip protocol messages from one or more other computing devices 10.
- a gossip protocol is any messaging protocol that passes information among the nodes, such as the computing devices 10, where many nodes may have incomplete information at a specific time, but after receiving a communication from another node, the nodes have information that is at least as complete as before. Failure to receive the messages is tolerated, and information is often transmitted to a node from several other nodes.
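The gossip-maintained local database of the two paragraphs above, as an added example that is not part of the patent. The patent does not fix a message format, so this block assumes a hypothetical one: each gossip message is a copy of the sender's table of device name to (geolocation, version), where a device increments its own version whenever it moves, and a receiver accepts a row only if its version is strictly newer than what it already holds. That rule is what makes lost, duplicated or reordered messages harmless and guarantees the database is at least as complete after a merge as before. The location check itself is passed in as a function, so the block does not depend on any particular policy encoding; the device names and geolocations in the scenario are constructed.

```go
package main

import (
	"fmt"
	"sort"
)

// Entry is one row of a node's local database: the last known geolocation of
// a computing device and a version that the device itself increments on each
// move, so older gossip can never overwrite newer knowledge (hypothetical format).
type Entry struct {
	Geo     string
	Version uint64
}

// Node is one computing device 10 together with its local database.
type Node struct {
	Name string
	DB   map[string]Entry
}

func NewNode(name, geo string) *Node {
	return &Node{Name: name, DB: map[string]Entry{name: {Geo: geo, Version: 1}}}
}

// Move records that this node (for example a VM that migrated) is now elsewhere.
func (n *Node) Move(geo string) {
	n.DB[n.Name] = Entry{Geo: geo, Version: n.DB[n.Name].Version + 1}
}

// Digest is the gossip message: a snapshot of everything the node knows.
func (n *Node) Digest() map[string]Entry {
	out := make(map[string]Entry, len(n.DB))
	for dev, e := range n.DB {
		out[dev] = e
	}
	return out
}

// Merge applies a received gossip message and returns how many rows changed.
// Only strictly newer rows are taken, so the database is at least as complete
// after the merge as before, and stale or duplicated messages change nothing.
func (n *Node) Merge(msg map[string]Entry) int {
	changed := 0
	for dev, e := range msg {
		if cur, known := n.DB[dev]; !known || e.Version > cur.Version {
			n.DB[dev] = e
			changed++
		}
	}
	return changed
}

// Find lists the other devices whose last known geolocation passes the
// caller-supplied location policy check, in name order.
func (n *Node) Find(satisfied func(geo string) bool) []string {
	var names []string
	for dev, e := range n.DB {
		if dev != n.Name && satisfied(e.Geo) {
			names = append(names, dev)
		}
	}
	sort.Strings(names)
	return names
}

func main() {
	// Constructed scenario: three instances, one gossip round, one migration,
	// and a stale message that arrives late.
	a, b, c := NewNode("vm-a", "SE"), NewNode("vm-b", "DE"), NewNode("vm-c", "US")
	b.Merge(a.Digest())
	late := b.Digest()
	a.Move("FI")
	b.Merge(a.Digest())
	c.Merge(b.Digest())
	fmt.Println("rows changed by the stale message:", b.Merge(late))
	inEU := func(g string) bool { return g == "SE" || g == "DE" || g == "FI" }
	fmt.Println("vm-c forwards EU-only data to:", c.Find(inEU))
}
```

A node never learns about a device it has not been gossiped, so a Find that returns nothing is the signal to fall back to the centralized master or to start a new VM rather than proof that no suitable device exists.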
- the computing device 10 sends the data to be processed to the other computing device 10 (step 208). Since the other computing device 10 satisfies the location policy, the other computing device 10 will be permitted to process the data.
- if no other computing device 10 will satisfy the location policy, the computing device 10 or some other appropriate node may cause a new computing device 10 to become available that will satisfy the location policy.
- causing the new computing device 10 to become available may include causing a VM to be started that will satisfy the location policy.
- the systems and methods disclosed may provide several benefits. For instance, when the computing devices 10 are VMs controlled by a Cloud Services Provider (CSP), there may be less dependence on the CSP. Using the systems and methods disclosed, the CSP only has to guarantee the location of the VMs. Therefore, no special policy management support to launch a VM in a particular location is required from the CSP in some embodiments.
- the data regulation is practically handled by the application itself. So, there is decreased or no burden on the CSP. This also means that the data owner does not have to trust or depend on the CSP for proper data handling policies in some embodiments. Additionally, using the systems and methods disclosed, a more granular level location policy may be applied as each piece of data may have its own location policy. Such a location policy may be prohibitively complex if implemented through the CSP alone. In some embodiments, it may be important to ensure the integrity of the application software running on the various computing devices 10. Since the application itself is maintaining the data governance policies, integrity protection of the application software makes sure that no attacker can make any changes to the application itself to violate the data policy. Also, secure distribution and installation of the application is important for ensuring this integrity.
- the computing device 10 determines a geolocation of the computing device 10 (step 300). As will be discussed in more detail below, the geolocation of the computing device 10 may be determined via a Trusted Platform Module (TPM), a Virtual TPM (vTPM), or some other method.
- TPM Trusted Platform Module
- vTPM Virtual TPM
- the computing device 10 determines if the geolocation of the computing device 10 satisfies the location policy associated with the received data (step 302). As discussed above, this may include determining if the geolocation is included in a set of approved locations and/or not included in a set of forbidden locations.
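The data creation device steps of Figure 2 (steps 102 to 106), the computing device steps of Figure 3 (steps 200 to 208) and the policy check of Figure 4 (steps 300 and 302), as one added example that is not part of the patent; the same logic is the application-instance flow of Figure 5. The patent leaves the encryption mechanism, the key handling, the metadata integrity protection and the directory format open, so all of the following are assumptions: a pre-shared 256-bit AES key standing in for a burnt-in key or a key obtained from a KDC; AES-GCM with the serialised location policy as associated data as the integrity protection the text asks for, so that an edited policy fails authentication instead of being decrypted in the wrong place; a map of device name to geolocation as the centralized master; and two-letter country codes as geolocation strings. The geolocation of the device is passed in as a string, since the TPM or vTPM query that produces it is out of scope of the text; the check is only as trustworthy as that input.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
)

// LocationPolicy is the plaintext metadata attached to the data (Figure 2,
// step 102). An empty approved set means "anywhere that is not forbidden".
type LocationPolicy struct {
	Approved  []string `json:"approved"`
	Forbidden []string `json:"forbidden"`
}

// Satisfied is the check of Figure 4 (steps 300 and 302).
func (p LocationPolicy) Satisfied(geo string) bool {
	in := func(set []string) bool {
		for _, s := range set {
			if s == geo {
				return true
			}
		}
		return false
	}
	return !in(p.Forbidden) && (len(p.Approved) == 0 || in(p.Approved))
}

// Envelope is what the data creation device sends (step 106): the policy in
// the clear, plus AES-GCM ciphertext (step 104) bound to it as associated data.
type Envelope struct {
	Policy     LocationPolicy
	Nonce      []byte
	Ciphertext []byte
}

func newGCM(key []byte) cipher.AEAD {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err) // a wrong key length is a provisioning bug, not a runtime condition
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	return gcm
}

// Seal is the data creation device side (Figure 2, steps 102 to 106).
func Seal(key []byte, p LocationPolicy, plaintext []byte) (Envelope, error) {
	gcm := newGCM(key)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	aad, _ := json.Marshal(p) // struct fields serialise in a fixed order
	return Envelope{p, nonce, gcm.Seal(nil, nonce, plaintext, aad)}, nil
}

var ErrPolicy = errors.New("location policy not satisfied at this geolocation")

// Open is the computing device side (Figure 3, steps 200 to 204): the policy is
// checked before the key is touched, so data is never decrypted where forbidden.
func Open(key []byte, geo string, e Envelope) ([]byte, error) {
	if !e.Policy.Satisfied(geo) {
		return nil, ErrPolicy
	}
	aad, _ := json.Marshal(e.Policy)
	return newGCM(key).Open(nil, e.Nonce, e.Ciphertext, aad)
}

// Dispatch handles one received envelope: process here when allowed (step 204),
// otherwise pick a device from the directory (device name to geolocation, the
// centralized master of step 206, hypothetical format) to forward to (step 208).
func Dispatch(key []byte, self, geo string, dir map[string]string, e Envelope) (string, []byte, error) {
	pt, err := Open(key, geo, e)
	if err == nil {
		return self, pt, nil
	}
	if !errors.Is(err, ErrPolicy) {
		return "", nil, err // authentication failed: the metadata cannot be trusted, do not forward
	}
	for name, loc := range dir {
		if e.Policy.Satisfied(loc) {
			return name, nil, nil
		}
	}
	return "", nil, fmt.Errorf("no available device satisfies %+v: start a new VM", e.Policy)
}

func main() {
	key := make([]byte, 32) // constructed demo key; real keys come from provisioning or a KDC
	env, _ := Seal(key, LocationPolicy{Approved: []string{"SE", "DE"}, Forbidden: []string{"US"}}, []byte("pulse=72"))
	at, _, err := Dispatch(key, "vm-1", "US", map[string]string{"vm-1": "US", "vm-2": "DE"}, env)
	fmt.Println("forward to:", at, err)
	env.Policy.Approved = []string{"US"} // an attacker edits the plaintext metadata
	_, _, err = Dispatch(key, "vm-1", "US", nil, env)
	fmt.Println("tampered:", err)
}
```

The two outcomes of Dispatch are deliberately different: a policy mismatch is forwarded to a device that satisfies the policy, while an authentication failure is dropped, because once the metadata has been altered there is no trustworthy policy left to route on.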
- the location policy associated with the received data is included as metadata with the received data.
- the computing device 10 is a VM running on a host computing device.
- the same application may be replicated across the VMs and be referred to as application instances.
- Figure 5 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure.
- when an application instance receives data to be processed, it first determines whether the application location is equal to the metadata location (step 400).
- the metadata location is a location included in the metadata of the received data that indicates where the data is allowed to be processed. If the application location is equal to the metadata location, the data is processed (step 402). If the application location is not equal to the metadata location, the application instance finds an application instance in the preferred location (step 404). Then the data is sent to that application instance (step 406). Any of the previous variations on how to find an appropriate application instance running in a preferred location could also be applicable to this embodiment.
- This scenario can be easily implemented using methods described in the previous figures. All that is needed to implement the described methods is for the data generated by the sensors or devices to be marked with a location policy in the metadata appropriately, and the rest will be handled by the computing devices 10, as they will determine if the location policy is satisfied before processing the data.
- the location preference is configured by the company itself. These location preferences can be configured in the IoT devices during the provisioning or deployment phase or may be changeable, depending on the implementation.
- the interaction with the CSP is reduced.
- the data governance policy is implemented by the computing devices 10 themselves in ways that may be flexible and dynamic.
- FIG. 6 is a diagram of a TPM 14 according to some embodiments of the present disclosure.
- the TPM 14 may conform to an international standard for a secure cryptoprocessor.
- TPM 14 generally offers facilities for the secure generation of cryptographic keys, and limitation of their use.
- the TPM 14 may also include capabilities such as remote attestation and sealed storage.
- Figure 6 shows that the TPM 14 includes a secured input/output 16 that allows the TPM 14 to interface with other aspects of a system.
- TPM 14 also includes one or more cryptographic processors 18.
- the cryptographic processor 18 is connected to a persistent memory 20 and a versatile memory 22.
- the TPM 14 can be used to attest to the geolocation of the TPM 14. This may be accomplished in several ways which are beyond the scope of this disclosure.
- FIGs 7A and 7B illustrate possible interactions between a computing device 10 and a TPM 14 according to some embodiments of the present disclosure.
- a computing device 10 includes a TPM 14 directly. This computing device 10 may use the TPM 14 to determine its geolocation in order to determine if it satisfies a location policy.
- in FIG. 7B, several computing devices 10-1 through 10-N are shown. In this embodiment, the computing devices 10 are connected to a hypervisor 24 that interacts with the physical hardware of a host computing device.
- the computing devices 10-1 through 10-N include vTPMs 26-1 through 26-N. These vTPMs 26 communicate through the hypervisor 24 to communicate with a TPM 14 included in the physical hardware of the host computing device.
- these computing devices 10-1 through 10-N are VMs. These VMs can use the vTPMs 26 to access the TPM 14 to attest the geolocation of the physical hardware.
- Figure 7B is only one way of implementing a vTPM. The methods of ensuring that data is processed according to a location policy are not dependent on the method of implementing the vTPM or otherwise providing a way to attest the geolocation of a computing device 10.
- a setup similar to Figure 7B may provide strong security measures to ensure the trust in the location information of the VM so that it cannot be tampered with by software. Since the application is running on a VM and the VM can move/migrate at any time, according to some embodiments, a vTPM may ensure the strong trust on the location information.
- Intel Trusted Execution Technology supports assigning a geolocation tag during the provisioning process of a server that acts as the host computing device for the VMs. This hardware-based TPM root of trust can be extended to build a software-based vTPM for an unlimited number of VMs.
- a vTPM gives a computing device 10 the opportunity to manage the data governance policy from the application itself, without any management needed from the CSP.
- the only thing that the CSP has to provide is to ensure that all the VMs are capable of using a vTPM with geo-tagging enabled.
- FIG. 8 is a diagram of a computing device 10 according to some embodiments of the present disclosure.
- the computing device 10 includes circuitry containing instructions, which when executed, cause the computing device 10 to implement the methods and functionality described herein.
- the circuitry can be in the form of processing means which may include a processor and a memory containing instructions.
- the computing device 10 includes at least one processor 28 and memory 30.
- the computing device 10 also includes a communications interface 32.
- the computing device 10 or the functionality of the computing device 10 described with respect to any one of the embodiments described herein, is implemented in software that is stored in, e.g., the memory 30 and executed by the processor 28.
- the communications interface 32 may include one or more components (e.g., network interface card(s)) that connect the computing device 10 to other systems.
- a computer program including instructions which, when executed by the at least one processor 28, cause the at least one processor 28 to carry out the functionality of the computing device 10 according to any one of the embodiments described herein is provided.
- a carrier containing the aforementioned computer program product is provided.
- the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 30).
- Figure 9 is a diagram of a data creation device 12 according to some embodiments of the present disclosure.
- the data creation device 12 includes circuitry containing instructions, which when executed, cause the data creation device 12 to implement the methods and functionality described herein.
- the circuitry can be in the form of processing means which may include a processor and a memory containing instructions.
- the data creation device 12 includes at least one processor 34 and memory 36.
- the data creation device 12 also includes a communications interface 38.
- the data creation device 12, or the functionality of the data creation device 12 described with respect to any one of the embodiments described herein, is implemented in software that is stored in, e.g., the memory 36 and executed by the processor 34.
- the communications interface 38 may include one or more components (e.g., network interface card(s)) that connect the data creation device 12 to other systems.
- a computer program including instructions which, when executed by the at least one processor 34, cause the at least one processor 34 to carry out the functionality of the data creation device 12 according to any one of the embodiments described herein is provided.
- a carrier containing the aforementioned computer program product is provided.
- the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 36).
- Figure 10 is a diagram of a computing device 10 including a data receiving module 40, a location determining module 42, and a data processing module 44 according to some embodiments of the present disclosure.
- the data receiving module 40, the location determining module 42, and the data processing module 44 are each implemented in software that, when executed by a processor of the computing device 10, causes the computing device 10 to operate according to one of the embodiments described herein.
- Figure 11 is a diagram of a data creation device 12 including a data creation module 46, a location policy module 48, a data encryption module 50, and a data transmitting module 52 according to some embodiments of the present disclosure.
- the data creation module 46, the location policy module 48, the data encryption module 50, and the data transmitting module 52 are each implemented in software that, when executed by a processor of the data creation device 12, causes the data creation device 12 to operate according to one of the embodiments described herein.
Abstract
Systems and methods for data processing based on location preference are provided. In some embodiments, a method of operation of a computing device for providing data processing based on location includes receiving data to be processed; determining if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, processing the received data on the computing device. In some embodiments, this may reduce dependence on a Cloud Services Provider (CSP).
Description
DATA PROCESSING BASED ON LOCATION PREFERENCE
Technical Field
[0001] The present disclosure relates to data processing based on location preference.
Background
[0002] Data is being created at a staggering rate by various data creation devices such as credit card transactions, environmental monitoring, and personal health monitoring devices. As the amount of created data increases, so does the need to process the created data. In some instances, the data is not processed where it is created but at another location by some other computing device. This division may be caused by the type of processing required (e.g., calculating average temperatures across a geographic area), because of limitations in the hardware of the data creation device (e.g., sensors), or for any other reasons. In many cases, the computing device that will be processing the data may not be physically proximate to the data creation device and may even be distantly located. In some cases, these computing devices may be operating as Virtual Machines (VMs) running on a host computing device. Accessing computing devices remotely in this way is sometimes referred to as operating in the cloud or as cloud computing.
[0003] Governing the data in the cloud is one of the major issues for large enterprise organizations and for governments. Due to many legal rules, regulations, business policies, etc., data governance is one of the most challenging aspects to tackle when it comes to the cloud. This issue is hampering the adoption of cloud computing by many organizations such as large enterprise organizations and governments.
[0004] Data governance generally means managing the data according to a policy throughout the enterprise. It is a broad topic that can include many aspects of governing data in the cloud, such as managing, assessing, using, storing, monitoring, policy checking, compliance, etc. Many of the data governance policies are associated with geolocation related data governing issues. There has been a lot of research into geolocation related data governance. Many geolocation related regulations state that the data should not leave a specific geographical boundary, such as a particular country or continent. One way to satisfy these requirements is for a Cloud Services Provider (CSP) to be informed of the data governance policies and for the CSP to use a special policy management support mechanism to launch a VM in a particular location to process the data. This introduces a burden on the CSP, and this also requires the data owner to trust or depend on the CSPs for proper implementation of data handling policies. As such, systems and methods for data processing based on location preference are needed.
Summary
[0005] Systems and methods for data processing based on location preference are provided. In some embodiments, a method of operation of a computing device for providing data processing based on location includes receiving data to be processed; determining if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, processing the received data on the computing device. In some embodiments, this may reduce dependence on a Cloud Services Provider (CSP).
[0006] In some embodiments, the location policy associated with the received data is included as metadata with the received data.
[0007] In some embodiments, determining if the location policy associated with the received data is satisfied includes determining a geolocation of the computing device and determining if the geolocation of the computing device satisfies the location policy associated with the received data.
[0008] In some embodiments, determining if the geolocation of the computing device satisfies the location policy associated with the received data includes determining that the geolocation of the computing device is included in a set of approved locations in the location policy and/or not included in a set of forbidden locations in the location policy.
[0009] In some embodiments, determining the geolocation of the computing device includes determining the geolocation of the computing device by querying a Virtual Trusted Platform Module (vTPM).
[0010] In some embodiments, the method also includes, in response to determining that the location policy is not satisfied, determining another computing device that will satisfy the location policy, and in response to determining the other computing device that will satisfy the location policy, sending the data to be processed to the other computing device that will satisfy the location policy.
[0011] In some embodiments, determining the other computing device that will satisfy the location policy includes querying a centralized master application/database for the other computing device that will satisfy the location policy. In some embodiments, determining the other computing device that will satisfy the location policy includes querying a local database stored on the computing device for the other computing device that will satisfy the location policy. In some embodiments, the local database stored on the computing device is updated by receiving gossip protocol messages from one or more other computing devices.
[0012] In some embodiments, the method also includes, in response to determining that no other computing device will satisfy the location policy, causing a new computing device to become available that will satisfy the location policy. In some embodiments, causing the new computing device to become available comprises causing a Virtual Machine (VM) to be started that will satisfy the location policy.
[0013] In some embodiments, the received data is encrypted. In some embodiments, the computing device is a VM running on a host computing device.
[0014] In some embodiments, a method of operation of a data creation device for enabling data to be processed based on location includes creating data to be processed; associating a location policy with the created data; encrypting data to be processed; and sending the created data to a computing device.
[0015] In some embodiments, the location policy associated with the created data is included as metadata with the created data. In some embodiments, the location policy associated with the created data includes one or more of the group consisting of a set of approved locations and/or a set of forbidden locations.
[0016] In some embodiments, a computing device for providing data processing based on location is adapted to receive data to be processed; determine if the location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, process the received data on the computing device. In some embodiments, the computing device is adapted to perform any methods disclosed herein.
[0017] In some embodiments, a computer program includes instructions which, when executed on at least one processor, cause the at least one processor to carry out any methods disclosed herein. In some embodiments, the computer program is contained in a carrier where the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
[0018] In some embodiments, a computing device for providing data processing based on location includes a data receiving module operative to receive data to be processed; a location determining module operative to determine if the location policy associated with the received data is satisfied; and a data processing module operative to in response to determining that the location policy is satisfied, process the received data on the computing device.
[0019] In some embodiments, a computing device for providing data processing based on location includes a processor and memory containing instructions executable by the processor whereby the computing device is operative to receive data to be processed; determine if a location policy associated with the received data is satisfied; and, in response to determining that the location policy is satisfied, process the received data on the computing device.
[0020] In some embodiments, a data creation device for enabling data to be processed based on location is adapted to create data to be processed; associate a location policy with the created data; encrypt the created data; and send the created data to a computing device.
[0021] In some embodiments, a data creation device for enabling data to be processed based on location includes a data creation module operative to create data to be processed; a location policy module operative to associate a location policy with the created data; a data encryption module operative to encrypt the created data; and a data transmitting module operative to send the created data to a computing device.
[0022] In some embodiments, a data creation device for enabling data to be processed based on location includes a processor and memory containing instructions executable by the processor whereby the data creation device is operative to create data to be processed; associate a location policy with the created data; encrypt the created data; and send the created data to a computing device.
[0023] Those skilled in the art will appreciate the scope of the present disclosure and realize additional aspects thereof after reading the following detailed description of the embodiments in association with the accompanying drawing figures.
Brief Description of the Drawings
[0024] The accompanying drawing figures incorporated in and forming a part of this specification illustrate several aspects of the disclosure, and together with the description serve to explain the principles of the disclosure.
[0025] Figure 1 illustrates a network of running application instances in different locations according to some embodiments of the present disclosure;
[0026] Figure 2 is a flow chart illustrating a process for enabling data to be processed based on location according to some embodiments of the present disclosure;
[0027] Figure 3 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure;
[0028] Figure 4 is a flow chart illustrating a process for determining if a location policy is satisfied according to some embodiments of the present disclosure;
[0029] Figure 5 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure;
[0030] Figure 6 is a diagram of a Trusted Platform Module (TPM) according to some embodiments of the present disclosure;
[0031] Figures 7A and 7B illustrate possible interactions between a computing device and a TPM according to some embodiments of the present disclosure;
[0032] Figure 8 is a diagram of a computing device according to some embodiments of the present disclosure;
[0033] Figure 9 is a diagram of a data creation device according to some embodiments of the present disclosure;
[0034] Figure 10 is a diagram of a computing device including modules according to some embodiments of the present disclosure; and
[0035] Figure 11 is a diagram of a data creation device including modules according to some embodiments of the present disclosure.
Detailed Description
[0036] The embodiments set forth below represent information to enable those skilled in the art to practice the embodiments. Upon reading the following description in light of the accompanying drawing figures, those skilled in the art will understand the concepts of the disclosure and will recognize applications of these concepts not particularly addressed herein. It should be understood that these concepts and applications fall within the scope of the disclosure and the accompanying claims.
[0037] In some instances, data created by a data creation device is not processed where it is created but at another location by some other computing device. This division may be caused by the type of processing required (e.g., calculating average temperatures across a geographic area), because of limitations in the hardware of the data creation device (e.g., sensors), or for any other reasons. In many cases, the computing device that will be processing the data may not be physically proximate to the data creation device and may even be distantly located. Many geolocation related regulations state that the data should not leave a specific geographical boundary, such as a particular country or continent.
[0038] Figure 1 illustrates a network of running application instances in different locations according to some embodiments of the present disclosure. In this embodiment, each application instance is running on one or more computing devices 10-1 through 10-N (referred to herein as computing device 10 and computing devices 10). As shown in Figure 1, one or more data creation devices 12-1 through 12-N (referred to herein as data creation device 12 and data creation devices 12) are connected to various computing devices 10. For instance, data creation device 12-1 is shown as connected to computing device 10-N, while data creation device 12-2 is shown as connected to computing device 10-6. In some embodiments, the different computing devices 10 are interchangeable and are each capable of processing the created data. In some cases, these computing devices 10 may be operating as Virtual Machines (VMs) running on a host computing device. Figure 1 indicates that the computing devices 10 each have a location. Some or all of the computing devices 10 may be located in the same place. In other embodiments, some of these computing devices 10 may be physically separated from one or more of the other computing devices 10. Accessing computing devices remotely in this way is sometimes referred to as operating in the cloud or as cloud computing.
[0039] Many geolocation related regulations state that the data should not leave a specific geographical boundary, such as a particular country or continent. Figure 2 is a flow chart illustrating a process for enabling data to be processed based on location according to some embodiments of the present disclosure. First, a data creation device 12 creates data to be processed (step 100). The data creation device 12 then associates a location policy with the created data (step 102). In some embodiments, the location policy may include a set of approved locations where the created data may be processed and/or the location policy may include a set of forbidden locations where the created data may not be processed. This location policy may be included in metadata associated with the created data.
[0040] The data creation device 12 then encrypts the created data (step 104). In some embodiments, the created data is encrypted to satisfy one or more data governance policies. For instance, some policies consider that encrypted data may be in a location where the unencrypted data would otherwise be forbidden. Any encryption mechanism may be used, and the implementation specifics may be chosen by the manufacturer of the data creation device 12 or by an application on the data creation device 12. In some embodiments, techniques other than encryption may be used to protect the data. The data creation device 12 then sends the created data to a computing device 10 (step 106). Since encryption is in use, a key handling mechanism is required. Many different approaches to managing the keys exist, and the approach chosen may depend on the use of the system and/or other factors. The approach taken is not important for the operation of the systems and methods disclosed herein, but the following is one possible implementation. The keys for the data creation devices 12 are burnt into the devices during the manufacturing or provisioning phase. With this, the data creation device 12 can encrypt and/or sign the data before sending it to a computing device 10, preferably the nearest one. The computing device 10 may then hold the decryption key itself, or it may communicate with a trusted Key Distribution Center (KDC) to receive the key if it decides to decrypt the data. In the case where a KDC is used, there is a trust relationship between the computing device 10 and the KDC.
[0041] Even if the created data is encrypted, the metadata or location policy may be in plaintext or some other format accessible without decrypting the data. There should be some message integrity protection mechanism in place to protect the integrity of the location policy. Otherwise, an attacker may edit the location policy in the metadata and get it decrypted and/or processed in a place where it should not be decrypted.
[0042] Figure 3 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure. A computing device 10 receives data to be processed (step 200). In some embodiments, this received data may have been sent by a data creation device 10 in a manner such as described above in relation to Figure 2 and especially step 106. The computing device 10 then determines if a location policy associated with the received data is satisfied (step 202). One method of accomplishing this determination will be discussed in relation to Figure 4 below. If the location policy associated with the received data is satisfied, the computing device 10 proceeds to process the received data on the computing device 10 (step 204). The type of processing performed on the received data is application dependent. In this embodiment, the computing device 10 only processes the data if the location policy is satisfied. Additionally, the received data may be encrypted, such as during step 104 discussed in relation to Figure 2. If the received data is encrypted, the computing device 10 may wait to decrypt the received data until after it is determined that the location policy is satisfied. In this case, the received data is considered to not even be present on the computing device 10 while it is still encrypted. Since it is determined that the location policy is satisfied before the received data is unencrypted, the received data is never processed by a computing device 10 that does not conform to the requirements of the location policy associated with the received data.
[0043] If the location policy associated with the received data is not satisfied, the computing device 10 does not process the received data on the computing device 10. If the received data is encrypted, the computing device 10 should not even decrypt the received data. To ensure that a piece of data always gets processed, some additional mechanisms need to be added to the system. First, the application should be running in all the approved locations that may be listed in a location policy. Second, there needs to be a mechanism to track all the running application instances. This may be done in different ways. The computing device 10 determines another computing device 10 that will satisfy the location policy (step 206). Determining the other computing device 10 may be accomplished by querying a centralized master application or database. This centralized master application or database may contain a list of each available computing device 10 and the current geolocation of each, according to some embodiments. The other computing device 10 may also be found via a gossip protocol where a local database stored on the computing device 10 is updated by receiving gossip protocol messages from one or more other computing devices 10. As used herein, a gossip protocol is any messaging protocol that passes information among the nodes, such as the computing devices 10, where many nodes may have incomplete information at a specific time, but after receiving a communication from another node, the nodes have information that is at least as complete as before. Failure to receive the messages is tolerated, and information is often transmitted to a node from several other nodes. Regardless of how the other computing device 10 that satisfies the location policy is determined, the computing device 10 sends the data to be processed to the other computing device 10 (step 208). Since the other computing device 10 satisfies the location policy, the other computing device 10 will be permitted to process the data.
[0044] If it is determined that no other computing device 10 will satisfy the location policy, the computing device 10 or some other appropriate node may cause a new computing device 10 to become available that will satisfy the location policy. In embodiments where the computing devices 10 are VMs, causing the new computing device 10 to become available may include causing a VM to be started that will satisfy the location policy.
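One way to implement steps 102 through 208 end to end, as an added example in Go that is not code from the patent: the location policy rides in the clear as metadata, is bound to the AES-GCM ciphertext as associated data (one concrete form of the integrity protection paragraph [0041] calls for), and the receiving instance checks its own attested location against the policy before it touches the key, otherwise forwarding to a registry entry that satisfies the policy. The key, location names, registry contents and sensor reading are constructed for the example.

```go
// Added example, not code from the patent: a location-policy envelope in Go.
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"fmt"
)

// LocationPolicy is the per-datum metadata of step 102; it travels in the clear.
type LocationPolicy struct {
	Approved  []string `json:"approved,omitempty"`
	Forbidden []string `json:"forbidden,omitempty"`
}

// Satisfied implements step 302: not forbidden and, if an approved set exists, in it.
func (p LocationPolicy) Satisfied(loc string) bool {
	ok := len(p.Approved) == 0
	for _, a := range p.Approved {
		ok = ok || a == loc
	}
	for _, f := range p.Forbidden {
		ok = ok && f != loc
	}
	return ok
}

// Envelope is what step 106 sends. The serialized policy is AES-GCM associated
// data, the integrity protection [0041] asks for: an edited policy cannot be decrypted.
type Envelope struct {
	Policy     LocationPolicy
	Nonce      []byte
	Ciphertext []byte
}

func policyAAD(p LocationPolicy) []byte {
	b, _ := json.Marshal(p) // fixed struct field order keeps this deterministic
	return b
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal performs steps 102-104; the key is assumed provisioned at manufacture ([0040]).
func Seal(key, plaintext []byte, p LocationPolicy) (Envelope, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	return Envelope{p, nonce, gcm.Seal(nil, nonce, plaintext, policyAAD(p))}, nil
}

// Registry maps instance names to attested locations ([0043]'s master database or a gossip-fed local copy).
type Registry map[string]string

type Decision struct {
	Action    string // "process", "forward" or "no-instance"
	ForwardTo string // set when Action == "forward"
	Plaintext []byte // set only when Action == "process"
}

// Handle runs steps 202-208: the policy is checked against the device's own
// attested location (myLoc, e.g. read via a vTPM) before the key is touched.
func Handle(env Envelope, myLoc string, key []byte, reg Registry) (Decision, error) {
	if !env.Policy.Satisfied(myLoc) {
		for name, loc := range reg {
			if env.Policy.Satisfied(loc) {
				return Decision{Action: "forward", ForwardTo: name}, nil
			}
		}
		return Decision{Action: "no-instance"}, nil // [0044]: a new VM is needed
	}
	gcm, err := newGCM(key)
	if err != nil {
		return Decision{}, err
	}
	pt, err := gcm.Open(nil, env.Nonce, env.Ciphertext, policyAAD(env.Policy))
	if err != nil {
		return Decision{}, fmt.Errorf("policy or ciphertext was modified, refusing to process: %w", err)
	}
	return Decision{Action: "process", Plaintext: pt}, nil
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit sample key
	env, _ := Seal(key, []byte("pulse=72"), LocationPolicy{Approved: []string{"SE", "FI"}})
	fmt.Println(Handle(env, "DE", key, Registry{"inst-fi": "FI"}))
}
```

Because the policy is authenticated rather than encrypted, an instance can make the forwarding decision of step 206 without ever holding the key, which is what keeps encrypted data "not present" on a non-conforming device in the sense of paragraph [0042].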
[0045] The systems and methods disclosed may provide several benefits. For instance, when the computing devices 10 are VMs controlled by a Cloud Services Provider (CSP), there may be less dependence on the CSP. Using the systems and methods disclosed, the CSP only has to guarantee the location of the VMs. Therefore, no special policy management support to launch a VM in a particular location is required from the CSP in some embodiments. Also, the data regulation is practically handled by the application itself. So, there is decreased or no burden on the CSP. This also means that the data owner does not have to trust or depend on the CSP for proper data handling policies in some embodiments. Additionally, using the systems and methods disclosed, a more granular level location policy may be applied as each piece of data may have its own location policy. Such a location policy may be prohibitively complex if implemented through the CSP alone. In some embodiments, it may be important to ensure the integrity of the application software running on the various computing devices 10. Since the application itself is maintaining the data governance policies, integrity protection of the application software makes sure that no attacker can make any changes to the application itself to violate the data policy. Also, secure distribution and installation of the application is important for ensuring this integrity.
[0046] One way of determining if a location policy is satisfied on a computing device 10 is shown in Figure 4. This process can be included as the determining step 202 discussed in relation to Figure 3 or may be performed for other reasons. First, the computing device 10 determines a geolocation of the computing device 10 (step 300). As will be discussed in more detail below, the geolocation of the computing device 10 may be determined via a Trusted Platform Module (TPM), a Virtual TPM (vTPM), or some other method. Next, the computing device 10 determines if the geolocation of the computing device 10 satisfies the location policy associated with the received data (step 302). As discussed above, this may include determining if the geolocation is included in a set of approved locations and/or not included in a set of forbidden locations. In some embodiments, the location policy associated with the received data is included as metadata with the received data.
[0047] In some embodiments, the computing device 10 is a VM running on a host computing device. In these embodiments, the same application may be replicated across the VMs and be referred to as application instances. Figure 5 is a flow chart illustrating a process for providing data processing based on location according to some embodiments of the present disclosure. When an application instance receives data to be processed, it first determines whether the application location is equal to the metadata location (step 400). In this embodiment, the metadata location is a location included in the metadata of the received data that indicates where the data is allowed to be processed. If the application location is equal to the metadata location, the data is processed (step 402). If the application location is not equal to the metadata location, the application instance finds an application instance in the preferred location (step 404). Then the data is sent to that application instance (step 406). Any of the previous variations on how to find an appropriate application instance running in a preferred location could also be applicable to this embodiment.
[0048] As one example of how the methods described in the previous figures may be used, consider a scenario where, in the Internet of Things (IoT) world, a company collects data from all sorts of sensors or devices (data creation devices 12) from various places in the world. All of these sensors or devices send encrypted and perhaps integrity protected data to the cloud where the company runs its application for processing that data (computing devices 10). Since it is a worldwide company, it runs its application in different geographic locations in the cloud. Now, this company may consider some type of data to be more valuable and desire that data to be processed only in certain locations. Similarly, the restrictions may be due to regulations (e.g. health sensor data).
[0049] This scenario can be easily implemented using methods described in the previous figures. All that is needed to implement the described methods is for the data generated by the sensors or devices to be marked with a location policy in the metadata appropriately, and the rest will be handled by the computing devices 10, as they will determine if the location policy is satisfied before processing the data. In this scenario, the location preference is configured by the company itself. These location preferences can be configured in the IoT devices during the provisioning or deployment phase or may be changeable, depending on the implementation.
[0050] As another example, consider a scenario where a company sells personal health devices worldwide that monitor personal health information. Whenever these devices are connected to the Internet, they send encrypted data to the company's server for processing. Now, assume there is a regulation stating that the health related information of a person may only be processed within that person's country of nationality. The company is running its server application worldwide, and people moving to different countries make it very difficult to manage this data governance policy. However, using the methods described in the previous figures, the data governance becomes a trivial problem. In this scenario, all the health devices just have to include the location preference for processing the data within the metadata when they send it to the server. Now the server application can check where it can process this particular piece of data and handle it accordingly. In this scenario, each individual user may set the location preference. Therefore, the company selling the device has to provide a way to make this configurable by the user.
[0051] In both of the scenarios discussed above, the interaction with the CSP is reduced. Instead of relying on the CSP to implement the data governance policy, which may require extensive communication with the CSP, the data governance policy is implemented by the computing devices 10 themselves in ways that may be flexible and dynamic.
[0052] As discussed above, one way for a computing device 10 to determine its location is to use a TPM. Figure 6 is a diagram of a TPM 14 according to some embodiments of the present disclosure. The TPM 14 may conform to an international standard for a secure cryptoprocessor. TPM 14 generally offers facilities for the secure generation of cryptographic keys, and limitation of their use. The TPM 14 may also include capabilities such as remote attestation and sealed storage. Figure 6 shows that the TPM 14 includes a secured input/output 16 that allows the TPM 14 to interface with other aspects of a system. TPM 14 also includes one or more cryptographic processors 18. The cryptographic processor 18 is connected to a persistent memory 20 and a versatile memory 22. In some embodiments, the TPM 14 can be used to attest to the geolocation of the TPM 14. This may be accomplished in several ways which are beyond the scope of this disclosure.
[0053] Figures 7A and 7B illustrate possible interactions between a computing device 10 and a TPM 14 according to some embodiments of the present disclosure. In Figure 7A, a computing device 10 includes a TPM 14 directly. This computing device 10 may use the TPM 14 to determine its geolocation in order to determine if it satisfies a location policy. In Figure 7B, several computing devices 10-1 through 10-N are shown. In this embodiment, the computing devices 10 are connected to a hypervisor 24 that interacts with the physical hardware of a host computing device. In this example, the computing devices 10-1 through 10-N include vTPMs 26-1 through 26-N. These vTPMs 26 communicate through the hypervisor 24 with a TPM 14 included in the physical hardware of the host computing device. In some embodiments, these computing devices 10-1 through 10-N are VMs. These VMs can use the vTPMs 26 to access the TPM 14 to attest the geolocation of the physical hardware. Figure 7B is only one way of implementing a vTPM. The methods of ensuring that data is processed according to a location policy are not dependent on the method of implementing the vTPM or otherwise providing a way to attest the geolocation of a computing device 10.
[0054] A setup similar to Figure 7B may provide strong security measures to ensure the trust in the location information of the VM so that it cannot be tampered with by software. Since the application is running on a VM and the VM can move/migrate at any time, according to some embodiments, a vTPM may provide strong trust in the location information. For example, Intel Trusted Execution Technology (TXT) supports assigning a geolocation tag during its provisioning process for a server that acts as the host computing device for the VMs. This hardware-based TPM root of trust can be extended to build a software-based vTPM for an unlimited number of VMs. The use of a vTPM gives a computing device 10 the opportunity to manage the data governance policy from the application itself without any management needed from the CSP. The only thing that the CSP has to provide is to ensure that all the VMs are capable of using a vTPM with geo-tagging enabled.
[0055] Figure 8 is a diagram of a computing device 10 according to some embodiments of the present disclosure. In some embodiments, the computing device 10 includes circuitry containing instructions, which when executed, cause the computing device 10 to implement the methods and functionality described herein. In one example, the circuitry can be in the form of processing means which may include a processor and a memory containing instructions. As illustrated, the computing device 10 includes at least one processor 28 and memory 30. As illustrated, the computing device 10 also includes a communications interface 32. In some embodiments, the computing device 10, or the functionality of the computing device 10 described with respect to any one of the embodiments described herein, is implemented in software that is stored in, e.g., the memory 30 and executed by the processor 28. The communications interface 32 may include one or more components (e.g., network interface card(s)) that connect the computing device 10 to other systems.
[0056] In some embodiments, a computer program including instructions which, when executed by the at least one processor 28, cause the at least one processor 28 to carry out the functionality of the computing device 10 according to any one of the embodiments described herein is provided. In some embodiments, a carrier containing the aforementioned computer program product is provided. The carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 30).
[0057] Figure 9 is a diagram of a data creation device 12 according to some embodiments of the present disclosure. In some embodiments, the data creation device 12 includes circuitry containing instructions, which when executed, cause the data creation device 12 to implement the methods and functionality described herein. In one example, the circuitry can be in the form of processing means which may include a processor and a memory containing instructions. As illustrated, the data creation device 12 includes at least one processor 34 and memory 36. As illustrated, the data creation device 12 also includes a communications interface 38. In some embodiments, the data creation device 12, or the functionality of the data creation device 12 described with respect to any one of the embodiments described herein, is implemented in software that is stored in, e.g., the memory 36 and executed by the processor 34. The communications interface 38 may include one or more components (e.g., network interface card(s)) that connect the data creation device 12 to other systems.
[0058] In some embodiments, a computer program including instructions which, when executed by the at least one processor 34, cause the at least one processor 34 to carry out the functionality of the data creation device 12 according to any one of the embodiments described herein is provided. In some embodiments, a carrier containing the aforementioned computer program product is provided. The carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium (e.g., a non-transitory computer readable medium such as the memory 36).
[0059] Figure 10 is a diagram of a computing device 10 including a data receiving module 40, a location determining module 42, and a data processing module 44 according to some embodiments of the present disclosure. The data receiving module 40, the location determining module 42, and the data processing module 44 are each implemented in software that, when executed by a processor of the computing device 10, causes the computing device 10 to operate according to one of the embodiments described herein.
[0060] Figure 11 is a diagram of a data creation device 12 including a data creation module 46, a location policy module 48, a data encryption module 50, and a data transmitting module 52 according to some embodiments of the present disclosure. The data creation module 46, the location policy module 48, the data encryption module 50, and the data transmitting module 52 are each implemented in software that, when executed by a processor of the data creation device 12, causes the data creation device 12 to operate according to one of the embodiments described herein.
[0061] The following acronyms are used throughout this disclosure.
CSP Cloud Services Provider
IEC International Electrotechnical Commission
IoT Internet of Things
ISO International Organization for Standardization
KDC Key Distribution Center
TPM Trusted Platform Module
TXT Trusted Execution Technology
VM Virtual Machine
vTPM Virtual Trusted Platform Module
[0062] Those skilled in the art will recognize improvements and modifications to the embodiments of the present disclosure. All such improvements and modifications are considered within the scope of the concepts disclosed herein and the claims that follow.
Claims
1. A method of operation of a computing device (10) for providing data processing based on location comprising:
receiving (200) data to be processed;
determining (202) if a location policy associated with the received data is satisfied; and
in response to determining that the location policy is satisfied, processing (204) the received data on the computing device (10).
2. The method of claim 1 wherein the location policy associated with the received data is included as metadata with the received data.
3. The method of any of claims 1 through 2 wherein determining if the location policy associated with the received data is satisfied comprises:
determining (300) a geolocation of the computing device (10); and
determining (302) if the geolocation of the computing device (10) satisfies the location policy associated with the received data.
4. The method of claim 3 wherein determining if the geolocation of the computing device (10) satisfies the location policy associated with the received data comprises determining that the geolocation of the computing device (10) is included in a set of approved locations in the location policy and/or not included in a set of forbidden locations in the location policy.
5. The method of any of claims 3 through 4 wherein determining the geolocation of the computing device (10) comprises determining the geolocation of the computing device (10) by querying a Virtual Trusted Platform Module, vTPM (26).
6. The method of any of claims 1 through 5 further comprising:
in response to determining that the location policy is not satisfied, determining (206) an other computing device (10) that will satisfy the location policy;
in response to determining the other computing device (10) that will satisfy the location policy, sending (208) the data to be processed to the other computing device (10) that will satisfy the location policy.
7. The method of claim 6 wherein determining the other computing device (10) that will satisfy the location policy comprises querying a centralized master application or database for the other computing device (10) that will satisfy the location policy.
8. The method of claim 6 wherein determining the other computing device (10) that will satisfy the location policy comprises querying a local database stored on the computing device (10) for the other computing device (10) that will satisfy the location policy.
9. The method of claim 8 wherein the local database stored on the computing device (10) is updated by receiving gossip protocol messages from one or more other computing devices (10).
10. The method of any of claims 6 through 9 further comprising:
in response to determining that no other computing device (10) will satisfy the location policy, causing a new computing device (10) to become available that will satisfy the location policy.
11. The method of claim 10 wherein causing the new computing device (10) to become available comprises causing a Virtual Machine, VM, to be started that will satisfy the location policy.
12. The method of any of claims 1 through 11 wherein the received data is encrypted.
13. The method of any of claims 1 through 12 wherein the computing device (10) is a Virtual Machine, VM, running on a host computing device (10).
14. A method of operation of a data creation device (12) for enabling data to be processed based on location comprising:
creating (100) data to be processed;
associating (102) a location policy with the created data;
encrypting (104) data to be processed; and
sending (106) the created data to a computing device (10).
15. The method of claim 14 wherein the location policy associated with the created data is included as metadata with the created data.
16. The method of any of claims 14 through 15 wherein the location policy associated with the created data comprises one or more of the group consisting of a set of approved locations and/or a set of forbidden locations.
17. A computing device (10) for providing data processing based on location adapted to:
receive data to be processed;
determine if a location policy associated with the received data is satisfied; and
in response to determining that the location policy is satisfied, process the received data on the computing device (10).
18. The computing device (10) of claim 17 adapted to perform the method of any of claims 1 through 13.
19. A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out the method according to any one of claims 1 through 13.
20. A carrier containing the computer program of claim 19, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
21. A computing device (10) for providing data processing based on location comprising:
a data receiving module (40) operative to receive data to be processed;
a location determining module (42) operative to determine if a location policy associated with the received data is satisfied; and
a data processing module (44) operative to in response to determining that the location policy is satisfied, process the received data on the computing device (10).
22. A computing device (10) for providing data processing based on location comprising:
a processor (28); and
memory (30) containing instructions executable by the processor (28) whereby the computing device (10) is operative to:
receive data to be processed;
determine if a location policy associated with the received data is satisfied; and
in response to determining that the location policy is satisfied, process the received data on the computing device (10).
23. A data creation device (12) for enabling data to be processed based on location adapted to:
create data to be processed;
associate a location policy with the created data;
encrypt the created data; and
send the created data to a computing device (10).
24. The data creation device (12) of claim 23 adapted to perform the method of any of claims 15 through 16.
25. A computer program comprising instructions which, when executed on at least one processor, cause the at least one processor to carry out the method according to any one of claims 14 through 16.
26. A carrier containing the computer program of claim 25, wherein the carrier is one of an electronic signal, an optical signal, a radio signal, or a computer readable storage medium.
27. A data creation device (12) for enabling data to be processed based on location comprising:
a data creation module (46) operative to create data to be processed;
a location policy module (48) operative to associate a location policy with the created data;
a data encryption module (50) operative to encrypt the created data; and
a data transmitting module (52) operative to send the created data to a computing device (10).
28. A data creation device (12) for enabling data to be processed based on location comprising:
a processor (34); and
memory (36) containing instructions executable by the processor (34) whereby the data creation device (12) is operative to:
create data to be processed;
associate a location policy with the created data;
encrypt the created data; and
send the created data to a computing device (10).
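The following is an added example, not code from the patent, that walks both sides of claims 1 through 16 end to end: the data creation device attaches the location policy as metadata (claims 14 to 16), encrypts the payload, and sends it; the computing device checks the policy against its geolocation (claims 3 and 4), processes the data if it complies, otherwise forwards it to a compliant peer from a local directory (claims 6, 8 and 9) or asks for a new VM in an approved location (claims 10 and 11). It goes beyond the claims in one respect a practitioner would insist on: the policy metadata is covered by the same integrity tag as the ciphertext, so a policy that has been stripped or edited in transit is rejected before it can influence the decision. Assumptions: encryption is a keystream derived from HMAC-SHA256 (a labelled stand-in for AES-GCM, used only to stay on the standard library), `get_location` is a caller-supplied callable standing in for the vTPM query of claim 5, `peers` is a plain dict standing in for the gossip-maintained local database, and the action names returned by `handle_data` are this example's own.

```python
"""Added example: data creation device and computing device of claims 1-16.

Not code from the patent. The HMAC-derived keystream is a stand-in for a real
AEAD cipher such as AES-GCM; the policy is bound to the ciphertext through the
integrity tag so that tampering with the metadata is detected.
"""
import hashlib
import hmac
import json
import secrets


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream from HMAC-SHA256 (stand-in for a real cipher)."""
    out = b""
    for counter in range((length + 31) // 32):
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def _tag(key: bytes, policy: dict, nonce: bytes, ciphertext: bytes) -> str:
    """Integrity tag over policy || nonce || ciphertext, so the policy cannot be altered."""
    policy_bytes = json.dumps(policy, sort_keys=True).encode()
    return hmac.new(key, policy_bytes + nonce + ciphertext, hashlib.sha256).hexdigest()


def create_data(key: bytes, payload: bytes, approved=(), forbidden=()) -> dict:
    """Data creation device (claims 14-16): attach policy, encrypt, emit one message."""
    policy = {"approved": sorted(approved), "forbidden": sorted(forbidden)}
    nonce = secrets.token_bytes(16)
    ciphertext = bytes(a ^ b for a, b in zip(payload, _keystream(key, nonce, len(payload))))
    return {"policy": policy, "nonce": nonce.hex(), "ciphertext": ciphertext.hex(),
            "tag": _tag(key, policy, nonce, ciphertext)}


def verify_tag(key: bytes, msg: dict) -> bool:
    """True if neither the policy metadata nor the ciphertext has been altered."""
    nonce, ct = bytes.fromhex(msg["nonce"]), bytes.fromhex(msg["ciphertext"])
    return hmac.compare_digest(_tag(key, msg["policy"], nonce, ct), msg["tag"])


def decrypt(key: bytes, msg: dict) -> bytes:
    """Decrypt only after the tag has been verified."""
    if not verify_tag(key, msg):
        raise ValueError("policy or ciphertext tampered with")
    nonce, ct = bytes.fromhex(msg["nonce"]), bytes.fromhex(msg["ciphertext"])
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


def policy_satisfied(policy: dict, location: str) -> bool:
    """Claim 4: not in the forbidden set, and in the approved set if one is given."""
    if location in policy["forbidden"]:
        return False
    return not policy["approved"] or location in policy["approved"]


def handle_data(key: bytes, msg: dict, get_location, peers: dict):
    """Computing device (claims 1-11). Returns (action, detail).

    get_location: callable returning this device's attested geolocation (claim 5).
    peers: local directory {device_id: location}, e.g. kept current by gossip (claim 9).
    """
    if not verify_tag(key, msg):
        return "rejected", "bad tag"          # forged policy never reaches the decision
    policy = msg["policy"]
    if policy_satisfied(policy, get_location()):
        return "processed", decrypt(key, msg)  # claim 1: process locally
    for device_id, location in sorted(peers.items()):
        if policy_satisfied(policy, location):
            return "forwarded", device_id      # claim 6: send to a compliant peer
    if policy["approved"]:
        return "start_vm", policy["approved"][0]  # claims 10/11: bring up a compliant VM
    return "rejected", "no compliant location known"


if __name__ == "__main__":
    key = secrets.token_bytes(32)
    msg = create_data(key, b"patient record 42", approved=["SE", "FI"], forbidden=["US"])
    print(handle_data(key, msg, lambda: "SE", {}))
    print(handle_data(key, msg, lambda: "US", {"vm-7": "FI", "vm-2": "US"}))
```

In a real deployment the symmetric key would not be present in every VM up front; it would be released to the computing device (for example by the KDC the disclosure lists among its acronyms) only after the geolocation attestation succeeds, so that a VM in a forbidden location holds ciphertext it cannot open rather than merely being asked to honour the policy.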
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SE2015/050750 WO2016209134A1 (en) | 2015-06-26 | 2015-06-26 | Data processing based on location preference |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/SE2015/050750 WO2016209134A1 (en) | 2015-06-26 | 2015-06-26 | Data processing based on location preference |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2016209134A1 (en) | 2016-12-29 |
Family
ID=53682767
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/SE2015/050750 WO2016209134A1 (en) | 2015-06-26 | 2015-06-26 | Data processing based on location preference |
Country Status (1)
Country | Link |
---|---|
WO (1) | WO2016209134A1 (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20120159156A1 (en) * | 2010-12-20 | 2012-06-21 | Microsoft Corporation | Tamper proof location services |
WO2015006798A1 (en) * | 2013-07-15 | 2015-01-22 | Cocoon Data Holdings Limited | Secure data object generation and management |
Events: 2015-06-26 WO PCT/SE2015/050750 patent/WO2016209134A1/en active Application Filing
Non-Patent Citations (1)
Title |
---|
PALADI NICOLAE ET AL: "Trusted Geolocation-Aware Data Placement in Infrastructure Clouds", 2014 IEEE 13TH INTERNATIONAL CONFERENCE ON TRUST, SECURITY AND PRIVACY IN COMPUTING AND COMMUNICATIONS, IEEE, 24 September 2014 (2014-09-24), pages 352 - 360, XP032725034, DOI: 10.1109/TRUSTCOM.2014.47 * |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 15739353; Country of ref document: EP; Kind code of ref document: A1 |
| NENP | Non-entry into the national phase | Ref country code: DE |
| 122 | Ep: pct application non-entry in european phase | Ref document number: 15739353; Country of ref document: EP; Kind code of ref document: A1 |