Establishing a cleanroom data processing environment
First Claim
1. A method comprising:
- configuring a virtual private cloud environment to prevent data from being sent to network locations external to the virtual private cloud environment;
- receiving, by one or more computing resources deployed within the virtual private cloud environment through a first user account that is associated with the virtual private cloud environment, a first set of data;
- deploying a set of one or more software components within the virtual private cloud environment, the set of one or more software components received from a second user account that is associated with the virtual private cloud environment;
- wherein the first user account is associated with a first authentication token and the second user account is associated with a second authentication token;
- generating, by the set of one or more software components deployed within the virtual private cloud environment based at least in part on the first set of data that is associated with the first user account, a set of output data;
- continuously while the first set of data is stored in the virtual private cloud environment and unless the first user account authorizes export of the first set of data, preventing the first set of data from being sent to network locations external to the virtual private cloud environment; and
- preventing access to resources within the virtual private cloud environment by network devices external to the virtual private cloud environment unless both the first user account and the second user account have been authenticated based, at least in part, on the first authentication token and the second authentication token.
Abstract
Techniques for providing a virtual cleanroom data processing environment are described herein. In one or more embodiments, a virtual private cloud environment is configured to prevent data from being sent to network locations external to the virtual private cloud environment. One or more computing resources deployed within the virtual private cloud environment receives, from a first source external to the virtual private cloud environment, a first set of data that is associated with a first user account. A set of one or more software components, received from a second source, are also deployed within the virtual private cloud environment. Once deployed, the set of software components generates, based at least in part on the first set of data, a set of output data. The first set of data is continuously prevented from being sent to network locations external to the virtual private cloud environment.
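The three controls in the first claim (default-deny egress, export only on the data owner's authorization, external access only when both accounts authenticate) can be modelled as a small policy gate. This is an added example, not code from the patent: the HMAC-based token scheme, the `10.20.0.0/16` range, and the names `Account`, `Cleanroom`, `data_owner` and `code_owner` are all assumptions made for illustration.

```python
import hashlib
import hmac
import ipaddress
from dataclasses import dataclass, field

VPC_CIDR = ipaddress.ip_network("10.20.0.0/16")  # constructed VPC range


@dataclass
class Account:
    name: str
    secret: bytes  # assumption: token = HMAC-SHA256(secret, session id)

    def token(self, session: str) -> str:
        return hmac.new(self.secret, session.encode(), hashlib.sha256).hexdigest()

    def verify(self, session: str, token: str) -> bool:
        return hmac.compare_digest(self.token(session), token)


@dataclass
class Cleanroom:
    data_owner: Account  # the claim's "first user account"
    code_owner: Account  # the claim's "second user account"
    released: set = field(default_factory=set)  # dataset ids cleared for export

    @staticmethod
    def internal(addr: str) -> bool:
        return ipaddress.ip_address(addr) in VPC_CIDR

    def authorize_export(self, dataset: str, session: str, token: str) -> bool:
        # Only the data owner's token can release its data set.
        if not self.data_owner.verify(session, token):
            return False
        self.released.add(dataset)
        return True

    def allow_egress(self, dataset: str, dest: str) -> bool:
        # Default deny for external destinations; checked on every send.
        return self.internal(dest) or dataset in self.released

    def allow_ingress(self, src: str, session: str, tokens: dict) -> bool:
        # External devices need valid tokens from both accounts.
        if self.internal(src):
            return True
        return all(acct.verify(session, tokens.get(acct.name, ""))
                   for acct in (self.data_owner, self.code_owner))
```

Note that the component supplier's token cannot release the data set, and a release applies per data set rather than to the environment as a whole.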
20 Claims
10. One or more non-transitory computer readable media storing instructions, which, when executed by one or more hardware processors, cause operations comprising:
- configuring a virtual private cloud environment to prevent data from being sent to network locations external to the virtual private cloud environment;
- receiving, by one or more computing resources deployed within the virtual private cloud environment through a first user account that is associated with the virtual private cloud environment, a first set of data;
- deploying a set of one or more software components within the virtual private cloud environment, the set of one or more software components received from a second user account that is associated with the virtual private cloud environment;
- wherein the first user account is associated with a first authentication token and the second user account is associated with a second authentication token;
- generating, by the set of one or more software components deployed within the virtual private cloud environment based at least in part on the first set of data that is associated with the first user account, a set of output data;
- continuously while the first set of data is stored in the virtual private cloud environment and unless the first user account authorizes export of the first set of data, preventing the first set of data from being sent to network locations external to the virtual private cloud environment; and
- preventing access to resources within the virtual private cloud environment by network devices external to the virtual private cloud environment unless both the first user account and the second user account have been authenticated based, at least in part, on the first authentication token and the second authentication token.
19. A system comprising:
- one or more hardware processors;
- one or more non-transitory computer readable media storing instructions, which, when executed by the one or more hardware processors, cause operations comprising;
- configuring a virtual private cloud environment to prevent data from being sent to network locations external to the virtual private cloud environment;
- receiving, by one or more computing resources deployed within the virtual private cloud environment through a first user account that is associated with the virtual private cloud environment, a first set of data;
- deploying a set of one or more software components within the virtual private cloud environment, the set of one or more software components received from a second user account that is associated with the virtual private cloud environment;
- wherein the first user account is associated with a first authentication token and the second user account is associated with a second authentication token;
- generating, by the set of one or more software components deployed within the virtual private cloud environment based at least in part on the first set of data that is associated with the first user account, a set of output data;
- continuously while the first set of data is stored in the virtual private cloud environment and unless the first user account authorizes export of the first set of data, preventing the first set of data from being sent to network locations external to the virtual private cloud environment; and
- preventing access to resources within the virtual private cloud environment by network devices external to the virtual private cloud environment unless both the first user account and the second user account have been authenticated based, at least in part, on the first authentication token and the second authentication token.
Specification