Method for ensuring data localization on an ad hoc moving data network
First Claim
1. A computer-implemented method comprising:
- determining that a first balloon is at a location associated with a legally-defined geographic area in a balloon network, wherein the balloon network comprises a plurality of moveable balloons that provide service to client devices in a plurality of legally-defined geographic areas, and wherein the first balloon is one of the plurality of moveable balloons;
responsive to the determination that the first balloon is at the location associated with the legally-defined geographic area, accessing an area profile that identifies geographically-restricted data that must not be removed from physical data storage that is located in the legally-defined geographic area, wherein the geographically-restricted data is saved in at least one physical data storage that is located in the legally-defined geographic area;
determining that the first balloon contains at least some of the geographically-restricted data in physical data storage on the first balloon;
determining that the first balloon is likely to move out of the legally-defined geographic area; and
responsive to the determination that the first balloon is likely to move out of the legally-defined geographic area, (i) determining that one or more additional balloons of the plurality of moveable balloons are at a location associated with the legally-defined geographic area, (ii) determining that none of the one or more additional balloons contain the geographically-restricted data, (iii) responsive to the determination that none of the one or more additional balloons contain the geographically-restricted data, initiating a transfer of the geographically-restricted data from the first balloon to a second balloon of the one or more additional balloons, and (iv) removing the geographically-restricted data from the physical data storage on the first balloon before the first balloon exits the legally-defined geographic area.
6 Assignments
0 Petitions
Accused Products
Abstract
The present disclosure provides methods operable in a balloon network. The method can include determining that a balloon is at a location associated with a legally-defined geographic area. An area profile of the legally-defined geographic area may identify geographically-restricted data that must not be removed from the legally-defined geographic area. The method can also include determining that the balloon contains at least some of the geographically-restricted data. The method can also include determining that the balloon is likely to move out of the legally-defined geographic area. The method can also include removing the geographically-restricted data from the memory of the balloon.
39 Citations
11 Claims
-
1. A computer-implemented method comprising:
-
determining that a first balloon is at a location associated with a legally-defined geographic area in a balloon network, wherein the balloon network comprises a plurality of moveable balloons that provide service to client devices in a plurality of legally-defined geographic areas, and wherein the first balloon is one of the plurality of moveable balloons; responsive to the determination that the first balloon is at the location associated with the legally-defined geographic area, accessing an area profile that identifies geographically-restricted data that must not be removed from physical data storage that is located in the legally-defined geographic area, wherein the geographically-restricted data is saved in at least one physical data storage that is located in the legally-defined geographic area; determining that the first balloon contains at least some of the geographically-restricted data in physical data storage on the first balloon; determining that the first balloon is likely to move out of the legally-defined geographic area; and responsive to the determination that the first balloon is likely to move out of the legally-defined geographic area, (i) determining that one or more additional balloons of the plurality of moveable balloons are at a location associated with the legally-defined geographic area, (ii) determining that none of the one or more additional balloons contain the geographically-restricted data, (iii) responsive to the determination that none of the one or more additional balloons contain the geographically-restricted data, initiating a transfer of the geographically-restricted data from the first balloon to a second balloon of the one or more additional balloons, and (iv) removing the geographically-restricted data from the physical data storage on the first balloon before the first balloon exits the legally-defined geographic area. - View Dependent Claims (2, 3, 4)
-
-
5. A method operable by a first balloon in a balloon network, wherein the balloon network comprises a plurality of moveable balloons that provide service to client devices in a plurality of legally-defined geographic areas, and wherein the first balloon is one of the plurality of moveable balloons, the method comprising:
-
receiving at least a portion of geographically-restricted data in physical data storage on the first balloon when the first balloon enters a legally-defined geographic area; responsive to a determination that the first balloon entered the legally-defined geographic area, accessing an area profile that identifies geographically-restricted data that must not be removed from physical data storage that is located in the legally-defined geographic area, wherein the geographically-restricted data is saved in at least one physical data storage that is located in the legally-defined geographic area; determining that the first balloon is likely to move out of the legally-defined geographic area; and responsive to the determination that the first balloon is likely to move out of the legally-defined geographic area, (i) determining that one or more additional balloons of the plurality of moveable balloons are at a location associated with the legally-defined geographic area, (ii) determining that none of the one or more additional balloons contain the geographically-restricted data, (iii) responsive to the determination that none of the one or more additional balloons contain the geographically-restricted data, initiating a transfer of the geographically-restricted data from the first balloon to a second balloon of the one or more additional balloons, and (iv) removing the geographically-restricted data from the physical data storage on the first balloon before the first balloon exits the legally-defined geographic area. - View Dependent Claims (6, 7, 8)
-
-
9. A non-transitory computer-readable medium storing instructions that, when executed by one or more processors in a computing device, cause that computing device to perform functions, the functions comprising:
-
determining that a first balloon is at a location associated with a legally-defined geographic area in a balloon network, wherein the balloon network comprises a plurality of moveable balloons that provide service to client devices in a plurality of legally-defined geographic areas, and wherein the first balloon is one of the plurality of moveable balloons; responsive to the determination that the first balloon is at the location associated with the legally-defined geographic area, accessing an area profile that identifies geographically-restricted data that must not be removed from physical data storage that is located in the legally-defined geographic area, wherein the geographically-restricted data is saved in at least one physical data storage that is located in the legally-defined geographic area; determining that the first balloon contains at least some of the geographically-restricted data in physical data storage on the first balloon; determining that the first balloon is likely to move out of the legally-defined geographic area; and responsive to the determination that the first balloon is likely to move out of the legally-defined geographic area, (i) determining that one or more additional balloons of the plurality of moveable balloons are at a location associated with the legally-defined geographic area, (ii) determining that none of the one or more additional balloons contain the geographically-restricted data, (iii) responsive to the determination that none of the one or more additional balloons contain the geographically-restricted data, initiating a transfer of the geographically-restricted data from the first balloon to a second balloon of the one or more additional balloons, and (iv) removing the geographically-restricted data from the physical data storage on the first balloon before the first balloon exits the legally-defined geographic area.
-
-
10. The non-transitory computer-readable medium of 9, wherein determining the first balloon is likely to move out of the legally-defined geographic area comprises the functions of:
-
determining a velocity of the first balloon; based on the determined velocity of the first balloon, determining a probability that the first balloon will move out of the legally-defined geographic area; and determining that the probability that the first balloon will move out of the legally-defined geographic area is greater than a threshold probability.
-
-
11. A computer-implemented method comprising:
-
determining that a first balloon is at a location associated with a legally-defined geographic area in a balloon network, wherein the balloon network comprises a plurality of moveable balloons that provide service to client devices in a plurality of legally-defined geographic areas, and wherein the first balloon is one of the plurality of moveable balloons; responsive to the determination that the first balloon is at the location associated with the legally-defined geographic area, accessing an area profile that identifies geographically-restricted data that must not be removed from physical data storage that is located in the legally-defined geographic area, wherein the geographically-restricted data is saved in at least one physical data storage that is located in the legally-defined geographic area; determining that the first balloon contains at least some of the geographically-restricted data in physical data storage on the first balloon; encrypting the geographically-restricted data with an encryption key; determining that the first balloon is likely to move out of the legally-defined geographic area; and responsive to the determination that the first balloon is likely to move out of the legally-defined geographic area, (i) determining that one or more additional balloons of the plurality of moveable balloons are at a location associated with the legally-defined geographic area, (ii) determining that none of the one or more additional balloons contain the geographically-restricted data, (iii) responsive to the determination that none of the one or more additional balloons contain the geographically-restricted data, initiating a transfer of the geographically-restricted data from the first balloon to a second balloon of the one or more additional balloons, and (iv) removing the geographically-restricted data from the physical data storage on the first balloon before the first balloon exits the legally-defined geographic area.
-
Specification