Method of processing data to enable external storage thereof with minimized risk of information leakage
1 Assignment
Abstract
A method is provided to process data so that the data can be externally stored with minimized risk of information leakage. A framework (virtual execution framework) based on virtual machines (VMs) is utilized as a substitute for a trusted institution. Encryption of consolidated data can reduce risk of information leakage and enhance security. Since the virtual execution framework can control connection and direction of communication, financial institutions are allowed to apply encryption to data on their own, which makes the data further appropriate for external storage. By allowing financial institutions to apply their own decryption, it is possible to prevent one of two financial institutions from retrieving externally stored data into the external execution framework without intervention of the other. Additionally, associated acting subjects can be provided with freedom depending on the degree of information leakage risk.
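The layering the abstract describes, as an added example that is not code from the patent: the second institution encrypts the combined data set, the first institution encrypts that result again, and recovery needs both keys applied in reverse order. The HMAC-SHA256 keystream with encrypt-then-MAC is a standard-library stand-in for each institution's encryption module, and the function names, keys and sample data are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Stand-in "encryption module": HMAC-SHA256 counter-mode keystream plus
# encrypt-then-MAC. Illustration only; use a vetted AEAD cipher in practice.
def _keystream(key, nonce, length):
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, b"enc" + block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def encrypt(key, plaintext):
    nonce = secrets.token_bytes(16)
    stream = _keystream(key, nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag

def decrypt(key, blob):
    if len(blob) < 48:  # 16-byte nonce + 32-byte tag at minimum
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered data")
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def store_externally(key_first, key_second, combined):
    inner = encrypt(key_second, combined)  # second institution's layer
    return encrypt(key_first, inner)       # first institution dual-encrypts

def retrieve(key_first, key_second, stored):
    # Both institutions must take part: outer layer first, then inner.
    return decrypt(key_second, decrypt(key_first, stored))

def lone_party_recovers(own_key, stored):
    """True only if one key alone opens both layers (it should not)."""
    blob = stored
    for _ in range(2):
        try:
            blob = decrypt(own_key, blob)
        except ValueError:
            return False
    return True

# Constructed sample keys and combined data set.
KEY_FIRST, KEY_SECOND = secrets.token_bytes(32), secrets.token_bytes(32)
COMBINED = b"customer=1001;exposure_a=250;exposure_b=400;total=650"
```

The first institution can strip only its own outer layer and is left with the second institution's ciphertext; the second institution cannot open the outer layer at all.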
13 Citations
20 Claims
1. A computer program product to control a memory space within a virtual execution framework, the computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code executable by a hardware processor to perform a method comprising:
- receiving from a first one of a plurality of computers, a first data set independently possessed by the first computer to a memory space which is under control of the virtual execution framework;
- receiving from a second one of the plurality of computers, a second data set independently possessed by the second computer to a memory space which is under control of the virtual execution framework;
- receiving, under control of the virtual execution framework, a calculation module to a memory space which is under control of the virtual execution framework, by one of: the first computer, the second computer, or a third computer;
- forcing, under control of the virtual execution framework, one of: the first computer, the second computer, or the third computer to calculate a combined data set from the first data set and the second data set using the calculation module;
- receiving from the first computer a first encryption module controllable only by the first computer to a memory space which is under control of the first computer;
- receiving from the second computer a second encryption module controllable only by the second computer to a memory space which is under control of the virtual execution framework;
- forcing, under control of the virtual execution framework, the second computer to encrypt the combined data set using the second encryption module;
- causing the first computer to dual-encrypt the combined data set encrypted by the second encryption module using the first encryption module; and
- causing the dual-encrypted combined data set to be transported to an external storage by the first computer or the second computer.

Dependent claims: 2, 3, 4, 5
6. A device for controlling a memory space within a virtual execution framework, the device comprising:
- at least one hardware processor;
- at least one memory operably connected to the at least one hardware processor; and
- a program of instruction encoded on the at least one memory and executed by the at least one hardware processor to:
  - provide a plurality of unit spaces to or from which data and modules can be uploaded or downloaded by a plurality of computers;
  - permit setting of an entity that is granted access to each of the plurality of unit spaces;
  - control direction of communication between data and modules uploaded in one unit space and data and modules uploaded in another unit space in the plurality of unit spaces;
  - control the flow in and out of at least two of the plurality of unit spaces; and
  - control connection and direction of communication between data and modules uploaded in one unit space and data and modules uploaded in another unit space, the unit spaces including unit spaces under control of the plurality of computers and unit spaces in the memory space controlled by the virtual execution framework.

Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. A computer program product to control a memory space within a virtual execution framework, the computer program product comprising a non-transitory computer readable storage medium having program code embodied therewith, the program code executable by a hardware processor to perform a method comprising:
- providing a plurality of unit spaces to or from which data and modules can be uploaded or downloaded by a plurality of computers;
- permitting setting of an entity that is granted access to each of the plurality of unit spaces;
- controlling the direction of communication between data and modules uploaded in one unit space and data and modules uploaded in another unit space in the plurality of unit spaces;
- controlling the flow in and out of at least two of the plurality of unit spaces; and
- controlling connection and direction of communication between data and modules uploaded in one unit space and data and modules uploaded in another unit space, the unit spaces including unit spaces under control of the plurality of computers and unit spaces in the memory space controlled by the virtual execution framework.

Dependent claims: 19, 20
Specification