System and method for dynamically allocating resources
Abstract
A computer network has a number of resources. One or more trusted localisation provider certifies the location of the resources. Encrypted data is closely associated with a policy package defining privacy policies for the data and metapolicies for their selection. A trusted privacy service enforces the privacy policies. The trusted privacy service is arranged to supply a key to a resource to allow that resource to process data if the trusted privacy service determines from the trusted localisation provider certifying the location and other contextual information of the resource that the privacy policy allows processing of the data on that resource in that location.
Claims
1. A method of dynamically allocating computing resources for a transaction related to data, based on the satisfaction of policies, such as privacy policies, comprising the steps of:
(a) receiving a request requiring a computing resource to process data to be processed;
(b) selecting, based on the data to be processed and contextual information, a set of rules associated with the data to be processed;
(c) selecting a resource or resources to process the data and transmitting the data, in a protected/encrypted format, to the selected resource or resources;
(d) sending a message from the selected resource to a trusted privacy service requesting a key to decrypt the data to allow the data to be decrypted so that it can be processed on the selected resource;
(e) sending a key from the trusted privacy service to the resource to allow the resource to decrypt the data and process the data if the trusted privacy service determines that the selected resource complies with the selected rules.
(Dependent claims: 2, 3, 4, 18)
5. A computer system comprising:
a plurality of resources;
a network linking the resources;
at least one trusted localisation provider arranged to certify the location of the resources;
a policy package associated with data, defining different privacy policies for the data and metadata to select the relevant set of privacy policies;
at least one trusted privacy service arranged to enforce the privacy policies;
a store storing confidential data in an encrypted fashion, wherein the encrypted data can only be decrypted using one or more keys; and
a resource allocation server arranged to dynamically allocate resources to process the data;
wherein the trusted privacy service is arranged to supply one or more keys to a resource to allow that resource to process data if the trusted privacy service determines from the trusted localisation provider and the resource that the privacy policy allows processing of the data on that resource in that location.
(Dependent claims: 6, 7, 8, 9)
10. A data item for use in a secure environment including:
encrypted confidential data; and
a policy package including:
at least one privacy policy set setting out how the encrypted confidential data is to be processed; and
at least one metapolicy, including rules setting out which privacy policy is appropriate when a resource processes the data, at least one of the rules including the location of the resource carrying out the processing;
wherein the data item is tightly bound together in the secure environment to keep the policy package associated with the encrypted confidential data.
11. A method of processing confidential data in a resource, comprising the steps of:
(a) receiving, from a resource allocation service, the confidential data bound together with a policy package setting out the privacy policy or policies associated with the data;
(b) obtaining, from a trusted localisation provider, localisation information regarding the resource;
(c) sending a message from the resource to a trusted privacy service, the message including the policy package and the localisation information, requesting a key to decrypt the data to allow the data to be processed on the selected resource; and
(d) receiving, from the trusted privacy service, a key to allow the resource to decrypt the data and process the data, if the trusted privacy service determines from the policy package that the resource may process the data.
(Dependent claims: 12, 13)
14. A hardware resource for processing data, including code:
(a) to receive, from a resource allocation service, the confidential data bound together with a policy package setting out the privacy policy or policies associated with the data;
(b) to obtain, from a trusted localisation provider, localisation information regarding the resource;
(c) to send a message from the resource to a trusted privacy service, the message including the policy package and the localisation information, requesting a key to decrypt the data to allow the data to be processed on the selected resource; and
(d) to receive, from the trusted privacy service, a key to allow the resource to decrypt the data and process the data if the trusted privacy service determines from the policy package that the resource may process the data.
15. A method of operating a trusted privacy service including:
receiving, from a resource, a request to process data, the request including localisation information and a policy package defining the rules for processing the data;
requesting, from the resource, further information regarding the properties of the resource;
receiving, from the resource, the further information regarding the properties of the resource;
resolving the rules in the policy package based on the localisation information and the further information regarding the properties of the resource to determine if the resource may process the data; and
providing a key to the resource if it is determined that the resource may process the data.
(Dependent claims: 16)
17. A trusted privacy service including code:
to receive, from a resource, a request to process data, the request including localisation information and a policy package defining the rules for processing the data;
to request, from the resource, further information regarding the properties of the resource;
to receive, from the resource, the further information regarding the properties of the resource;
to resolve the rules in the policy package based on the localisation information and the further information regarding the properties of the resource to determine if the resource may process the data; and
to provide a key to the resource if it is determined that the resource may process the data.
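The claims above describe one protocol from three viewpoints: the resource (claims 11 and 14) obtains a location certificate and asks for a key, the trusted privacy service (claims 15 and 17) resolves the policy package against that certificate and the resource's properties before releasing the key, and the data item (claim 10) keeps the policy package bound to the ciphertext. The following is an added example that simulates that exchange end to end; it is not code from the patent or from any product, and every name, key, location label and policy in it is constructed for illustration. It uses HMAC in place of the certificates or attestation signatures a real trusted localisation provider would issue, a SHA-256 counter-mode XOR as a stand-in for a real authenticated cipher, and a MAC over policy package plus ciphertext to show how "tightly bound together" can be checked by the trusted privacy service so that a resource cannot present a weaker policy package than the one the data was sealed with.

```python
import hashlib
import hmac
import json
import secrets

# Constructed trust anchors. A real deployment would use certificates or attestation keys.
TLP_SIGNING_KEY = secrets.token_bytes(32)  # hypothetical key shared by the TLP and the TPS
TPS_KEY_STORE = {}                          # data_id -> data encryption key held by the TPS

def _mac(key, msg):
    return hmac.new(key, msg, hashlib.sha256).digest()

def _xor_keystream(key, data):
    """Toy stream cipher (SHA-256 in counter mode); stand-in for a real AEAD cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)

def policy_package(data_class):
    """Constructed policy package: privacy policies plus the metapolicy that selects one."""
    return {
        "data_class": data_class,
        "privacy_policies": {
            "strict":            {"allowed_locations": ["EU"], "require_hardened": True},
            "hardened_anywhere": {"allowed_locations": ["EU", "US"], "require_hardened": True},
            "relaxed":           {"allowed_locations": ["EU", "US"], "require_hardened": False},
        },
        # First matching rule wins; the second rule keys on the resource's location (claim 10).
        "metapolicy": [
            {"when": {"data_class": "health"}, "use": "strict"},
            {"when": {"location": "US"}, "use": "hardened_anywhere"},
            {"when": {}, "use": "relaxed"},
        ],
    }

def make_data_item(data_id, plaintext, package):
    """Claim 10: encrypted data and its policy package, bound together by a MAC over both."""
    dek = secrets.token_bytes(32)
    TPS_KEY_STORE[data_id] = dek
    pkg = json.dumps(package, sort_keys=True).encode()
    ct = _xor_keystream(dek, plaintext)
    return {"data_id": data_id, "ciphertext": ct, "policy_package": pkg, "binding": _mac(dek, pkg + ct)}

def tlp_certify_location(resource_id, location):
    """Trusted localisation provider: a signed statement of where a resource is."""
    body = json.dumps({"resource": resource_id, "location": location}, sort_keys=True).encode()
    return {"body": body, "sig": _mac(TLP_SIGNING_KEY, body)}

def resolve_metapolicy(pkg, context):
    """Return (name, policy) for the first metapolicy rule whose conditions match the context."""
    for rule in pkg["metapolicy"]:
        if all(context.get(k) == v for k, v in rule["when"].items()):
            return rule["use"], pkg["privacy_policies"][rule["use"]]
    raise ValueError("metapolicy has no matching rule")

def tps_handle_request(request, resource):
    """Claims 15/17: verify the inputs, resolve the rules, release the key only if they allow it."""
    item = request["data_item"]
    dek = TPS_KEY_STORE.get(item["data_id"])
    if dek is None:
        return None, "unknown data item"
    # The policy package presented must be the one bound to this ciphertext, not a weaker one.
    if not hmac.compare_digest(_mac(dek, item["policy_package"] + item["ciphertext"]), item["binding"]):
        return None, "policy package is not the one bound to the data"
    loc = request["location"]
    if not hmac.compare_digest(_mac(TLP_SIGNING_KEY, loc["body"]), loc["sig"]):
        return None, "location assertion not signed by the trusted localisation provider"
    where = json.loads(loc["body"])
    if where["resource"] != request["resource_id"]:
        return None, "location assertion was issued for a different resource"
    pkg = json.loads(item["policy_package"])
    name, policy = resolve_metapolicy(pkg, {"data_class": pkg["data_class"], "location": where["location"]})
    props = resource.properties()  # claim 15: the TPS asks the resource for further properties
    if where["location"] not in policy["allowed_locations"]:
        return None, f"policy '{name}' does not allow processing in {where['location']}"
    if policy["require_hardened"] and not props.get("hardened"):
        return None, f"policy '{name}' requires a hardened resource"
    return dek, f"policy '{name}' satisfied"

class Resource:
    """A compute resource allocated encrypted work (claims 11 and 14)."""
    def __init__(self, resource_id, location, hardened):
        self.resource_id, self.location, self.hardened = resource_id, location, hardened

    def properties(self):
        return {"hardened": self.hardened}

    def process(self, data_item):
        """Get a location certificate, ask the TPS for the key, decrypt only if it is granted."""
        request = {"resource_id": self.resource_id, "data_item": data_item,
                   "location": tlp_certify_location(self.resource_id, self.location)}
        dek, reason = tps_handle_request(request, self)
        return (None if dek is None else _xor_keystream(dek, data_item["ciphertext"])), reason

def demo():
    """Run the protocol over constructed resources; returns {scenario: {resource_id: (plaintext, reason)}}."""
    fleet = [Resource("eu-hardened", "EU", True), Resource("eu-plain", "EU", False),
             Resource("us-hardened", "US", True), Resource("us-plain", "US", False)]
    health = make_data_item("rec-1", b"patient record (constructed)", policy_package("health"))
    telemetry = make_data_item("rec-2", b"engine telemetry (constructed)", policy_package("telemetry"))
    # A resource that swaps in a weaker package fails the binding check before any policy is read.
    swapped = dict(health, policy_package=json.dumps(policy_package("telemetry"), sort_keys=True).encode())
    return {label: {r.resource_id: r.process(item) for r in fleet}
            for label, item in (("health", health), ("telemetry", telemetry), ("swapped", swapped))}
```

Running `demo()` shows the decision depending on both the certified location and the resource's own properties: health data is released only to the hardened EU resource, telemetry is released in the US only to a hardened resource, and the copy with a substituted policy package is refused for every resource. The order of checks in `tps_handle_request` is deliberate: binding and location-assertion verification come before the policy package is even parsed, so untrusted input never steers policy selection.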
Specification