WO2017165948A1 - Data storage and access platform with jurisdictional control - Google Patents

Data storage and access platform with jurisdictional control

Info

Publication number
WO2017165948A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
data
data storage
platform
access
Prior art date
Application number
PCT/CA2016/000262
Other languages
French (fr)
Inventor
Robert A. EMBLETON
Original Assignee
Cicer One Technologies Inc.
Priority date
Filing date
Publication date
Priority claimed from US15/132,165 (US10068098B2)
Application filed by Cicer One Technologies Inc.
Publication of WO2017165948A1

Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F3/00 Input arrangements for transferring data to be processed into a form capable of being handled by the computer; Output arrangements for transferring data from processing unit to output unit, e.g. interface arrangements
            • G06F3/06 Digital input from, or digital output to, record carriers, e.g. RAID, emulated record carriers or networked record carriers
              • G06F3/0601 Interfaces specially adapted for storage systems
                • G06F3/0668 Interfaces specially adapted for storage systems adopting a particular infrastructure
                  • G06F3/067 Distributed or networked storage systems, e.g. storage area networks [SAN], network attached storage [NAS]
                • G06F3/0602 Interfaces specially adapted for storage systems specifically adapted to achieve a particular effect
                  • G06F3/062 Securing storage systems
                • G06F3/0628 Interfaces specially adapted for storage systems making use of a particular technique
                  • G06F3/0662 Virtualisation aspects
          • G06F12/00 Accessing, addressing or allocating within memory systems or architectures
            • G06F12/14 Protection against unauthorised use of memory or access to memory
              • G06F12/1408 Protection against unauthorised use of memory or access to memory by using cryptography
              • G06F12/1458 Protection against unauthorised use of memory or access to memory by checking the subject access rights
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/60 Protecting data
              • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
                • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
          • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
              • G06F2221/2111 Location-sensitive, e.g. geographical location, GPS

Definitions

  • The present disclosure relates to a data storage and access platform with jurisdictional control.
  • Businesses and consumers presently engage in technological solutions that enable business operations, handle digital content, manage communications, and improve employee mobility. Businesses and consumers may embody these activities in two broad vertical methodologies: 1) implement individual Software as a Service (SaaS) applications from multiple vendors, where activation of the service requires minimal technical domain knowledge, low infrastructure costs, and minimal support labor; and 2) internally develop the ability, through direct department definition or contracted services, to purchase, maintain, and provide access to applications, digital content storage, communications, and user data synchronization.
  • SaaS: Software as a Service
  • The majority of business and consumer users are motivated to implement, to some degree, both methodologies to manage the diverse activities encountered in business and consumer interactions with digital solutions. However, both solutions carry inherent risks for businesses and consumers.
  • The first vertical methodology creates a risk for the user, and for those parties described inside the user's digital data, that this information passes outside of their control: loss of data ownership, exposure to ongoing behavior monitoring, undesired jurisdictional exposure, and third party profit generation through the sale of this digital data.
  • The second vertical methodology requires significant fixed and variable overhead costs for the user in the development of all required systems and the purchase/maintenance of application software. Furthermore, the second vertical methodology requires the user to monitor national and international laws to ensure control and privacy compliance. The second vertical methodology also drives the user to recreate or reproduce solutions equivalent to existing third party services, and invariably forces the user to adopt first vertical methodology solutions in addition, so as to reduce implementation time during growth phases.
  • The present disclosure relates to a modular data storage and access platform with jurisdictional control including a novel SaaS privacy compliance model.
  • The platform ensures alignment of jurisdictional compliance between a user, national laws, and associated data through pre-scripted data channeling and handling during execution of application provider business services and/or sharing and synchronizing data between approved parties, encapsulated through user defined encryption technology, while ensuring physical and legal ownership and defined residency of user data, with solution enablement free of technical complexity or need of special education/training or information technology services.
  • The platform ensures that user data is stored only within physical data storage that is jurisdictionally compliant, and access to which is directly and legally controlled by the user.
  • A turn-key platform solution automatically enables data residency definition, ownership, privacy, automatic compliance to privacy laws within a chosen installation jurisdiction, platform embedded jurisdictionally compliant data ownership policy for SaaS vendor compliance, and ownership of encryption technology.
  • The platform provides a user administrative interface which enables creation of a virtual organization structure, from which a corresponding directory structure may be automatically generated.
  • This directory structure is created on a modular data storage device which is physically and/or legally within an organization's control. Based on the positions and departmental functions defined in the virtual organization structure, access rights to the directories are assigned to the positions and departmental functions, and automatically managed to enforce and maintain data privacy and data security.
  • The directory structure and any storage remain jurisdictionally compliant at all times.
  • Any data stored within the directory structure on the modular data storage device or on any offsite data storage device is encrypted, such that only those users in positions with assigned access rights are able to access the data stored in the directory structures. Any unauthorized attempts to access, copy or move data are detected and logged, and may be automatically blocked to secure data privacy and data security.
  • SaaS vendors must be pre-approved before being allowed to offer their services on the platform, and are legally bound to the user data privacy policy for the platform. To do so, SaaS vendors implement a prescribed Application Programmers Interface ("API") that controls the flow and security of user data across the platform. The system requires very limited domain knowledge and removes the need and expense of information technology services, whether contracted or departmental, to implement software applications for the user.
  • API: Application Programmers Interface
  • The platform enables approved third party value added
  • The platform provides data backup integrity comparable to existing cloud backup solutions, but allows a user to maintain physical ownership and control of the user's data, and to maintain jurisdictional compliance of the storage devices.
  • The data backup may be maintained in a secure, offsite data center providing secure access to a private physical drive in a user-secured and legally controlled condominium storage unit accessible only to the user.
  • The platform may provide a relatively low cost technological solution for ensuring data privacy, jurisdictional control and privacy law alignment for a user while enabling access to a variety of compliant SaaS vendors.
  • FIGS. 1A to 1D show a schematic block diagram of a data control platform in accordance with an illustrative embodiment.
  • FIGS. 2A to 2D show a schematic block diagram of a system control unit in accordance with an illustrative embodiment.
  • FIG. 3 shows a schematic block diagram of a user administrative control model in accordance with an illustrative embodiment.
  • FIGS. 4A to 4D show a schematic block diagram of an admin-system interaction in accordance with an illustrative embodiment.
  • FIGS. 5A to 5D show schematic diagrams of a platform privacy server and management of remote user connections in accordance with an illustrative embodiment.
  • FIGS. 6A to 6C show a schematic block diagram of a process schematic for user system interaction in accordance with an illustrative embodiment.
  • FIGS. 7A to 7D show a schematic block diagram of an illustrative architecture for a privacy compliance matrix in accordance with an illustrative embodiment.
  • FIG. 8 shows a schematic flow chart of an illustrative process for applying the privacy compliance matrix when executing an application.
  • FIG. 9 shows a schematic block diagram of a generic computing device.
  • The present disclosure relates to a modular data storage and access platform with jurisdictional control.
  • The platform may provide a relatively low cost technological solution for ensuring data privacy and jurisdictional control in comparison to existing solutions.
  • FIGS. 1A to 1D show a schematic block diagram of an illustrative architecture for a data control platform in accordance with an embodiment.
  • SCU: system control unit
  • The SCU includes data encryption control and a user resident data source.
  • The user resident data is captured by the SCU at the user premises, and is stored locally within data storage located within the home jurisdiction.
  • An optional compliant data source service provides a jurisdictionally compliant
  • The platform enables approved third party value added SaaS applications to manipulate data stored on the modular data storage, but not to take sensitive data from the platform to be stored elsewhere without express permission.
  • Qualified SaaS providers are given access to data only after guaranteeing compliance with user ownership policies defined by the platform, including in-transit data ownership integrity topography.
  • The system requires very limited domain knowledge and removes the need and expense of information technology services, whether contracted or departmental.
  • A turn-key platform solution automatically enables data residency definition, ownership, automatic compliance to privacy laws within the chosen install jurisdiction, platform embedded jurisdictionally compliant data ownership policy, and ownership of encryption technology.
  • A user resident data source is electronically connected to a data control engine. This data control engine enables channel switching that manages data separation from the servicing application. The data control engine also controls channeling to ensure compliance with the user's local privacy laws. Furthermore, the data control engine manages optional channels to improve data access speed and maintain a positive user experience.
  • The data control engine is electronically connected to one or more user devices.
  • The one or more user devices may include a data control engine which manages local data services, such as network topography deployment, local revision control, data synchronization and device specific encryption.
  • The data control engine also manages data pathways such that the application can interact with data on the local hardware, or virtually through a jurisdictionally compliant source. Furthermore, the data control engine enables access to user admin functions that address both user customization and corporate administrative functions.
  • Users of the devices may interact with any application data made available on the platform, or perform data manipulation (e.g. creation, editing, deleting) from any location.
  • The platform automatically ensures compliance with the local privacy laws of the SCU install jurisdiction, and maintains physical ownership of all data generated and/or manipulated. The manner in which users may access their data is explained in further detail below with reference to a privacy matrix which manages this access.
  • The platform provides data backup integrity comparable to existing technological solutions, while maintaining data security and jurisdictional control.
  • A remote active storage and data backup "condominium" storage unit may provide a 24/7 controlled access facility having shared ownership.
  • Common areas and common facilities may be partially owned by the user, but managed by a management company under contract.
  • The common facilities may include, for example, a full complement of servers, routers, modems, internet service, cabling, backplanes, etc. required to support all of the individual condominium units.
  • The condominium also contains a condominium unit or compartment which physically secures user owned data media, electronically accessible only to the user, and to which all user data received at the 24/7 access facility is directed.
  • Only the user is provided with a key to physically access the compartment unit owned by the user.
  • The user and legal owner of the condominium unit or compartment and the user owned data media exercises the legal rights incident to ownership, including control over access and limitations on the user's data stored at the condominium facility. This ensures the user's ownership and control over electronic and physical access, and consequently over the data stored in the media as well.
  • An onsite server manages the access by creating a secure link between the user's computer and their physical storage device located at the condominium storage unit. Any data stored onsite at the condominium storage unit may also be encrypted in order to prevent unauthorized access if physical security is somehow breached.
  • The physical device located at the condominium storage unit may also include a security mechanism designed to automatically erase any data stored in the device should physical security of the device be compromised.
  • The data control engine is connected to a platform privacy server, which is owned and managed by a service provider, and which enables control tools that manage the system.
  • This may include maintaining and managing a privacy compliance matrix, an application compliance matrix, and a jurisdiction compliance matrix.
  • These matrices normally involve detailed data sets that alter the data pathways for applications so that they remain compliant with privacy regulations.
  • The jurisdictional compliance matrix contains the distilled control signals that map the compliance requirements of the user's defined jurisdictional laws and of the jurisdictional laws at any system user's real-time location.
  • The jurisdictional compliance matrix may contain various rules on the types of data that must remain in a user's home jurisdiction, and which must not cross a jurisdictional border between two or more computer devices.
  • The jurisdictional compliance matrix contains different rules which are applied depending on whether data is being accessed from within a given jurisdiction, or whether a user is attempting to access data from another jurisdiction in which the user is currently located.
  • The jurisdictional compliance matrix may also contain rules for handling data in any intermediate jurisdiction between a user's home jurisdiction and the user's real-time location.
  • The jurisdictional compliance matrix allows the system to quickly and efficiently determine which rules must be observed and applied.
  • The rules contained in the jurisdictional compliance matrix may be updated from time to time, as the rules for handling data may change over time to become more restrictive, or less restrictive as the case may be.
  • The system and method further include an application compliance matrix.
  • The application compliance matrix contains the distilled control signals that map a particular application's data manipulation requirements, in regards to how it must interact with user data with regard to storage, processing and reporting, and also considering the sensitivity of the data types.
  • The system and method consider how a particular application will interact with data stored on a user's data storage platform.
  • The system is concerned with applications that execute at least in part on the data storage and access platform, and at least in part on a device remotely located from the data storage and access platform.
  • The system and method determine how jurisdictional privacy rules may be maintained while at the same time ensuring that user data stored on the data storage and access platform remains under the control of the user and is not removed from the data storage device.
  • The application compliance matrix determines how a requested application must resolve data access and execution to remain compliant with the jurisdictional privacy laws, and to maintain privacy over the user data.
  • FIG. 8 shows a schematic flow chart of an illustrative process 800 for applying an application compliance matrix when executing an application.
  • Process 800 begins and, at block 802, waits for a system user to launch an application.
  • The process identifies the type of data required by the application.
  • The process identifies the current location of the user.
  • The system determines whether any jurisdictions may be crossed.
  • The process identifies any privacy requirements of the originating home jurisdiction of the data, and any privacy requirements of the current jurisdiction of the user.
  • The process determines whether the data access requirements of the application comply with the privacy rules of the originating and current jurisdictions. If yes, the process proceeds to decision block 816. If no, the process proceeds to decision block 814.
  • At decision block 814, the process determines whether remote control of the application on an intermediary server in the originating jurisdiction will comply. If yes, the process proceeds to block 818. If no, the process proceeds to block 820, where the process blocks access to the application from the user's device, and the process ends.
  • At decision block 816, the process determines whether the application will be processing intensive.
  • The threshold for determining whether processing is intensive may be based, for example, on a predetermined threshold for response and the estimated processing time. This threshold may be adjusted as necessary to provide an acceptable level of response to the user given the speed of the connection and the processing resources available to the system at the time. If yes, the process proceeds to block 818, where the application is operated via an intermediary server in the originating jurisdiction, whether remotely controlled or directly served as the case may be, and the process ends. If no, the process proceeds to block 822, where the process enables the application and data to operate on the user's device, directly accessing user data on the one or more data storage devices. In every case, access to the data stored on the one or more storage devices is through a connection secured by the system.
  • The application compliance matrix looks at the application a user is attempting to execute, looks at the home jurisdiction of the data and the current jurisdiction of the user, applies the privacy laws of the jurisdictions involved as populated in the jurisdictional compliance matrix, then serves the application and manages access to the user data accordingly.
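As an added example that is not part of the patent, the decision flow of process 800 modeled in code: a constructed jurisdictional compliance matrix (the jurisdiction codes HOME, NEIGHBOUR and STRICT and their rule sets are hypothetical) and constructed application profiles drive the choice between direct device access (block 822), an intermediary server in the home jurisdiction (block 818) and blocking (block 820). It goes slightly beyond the single path the text walks by also handling a route through an intermediate jurisdiction and failing closed on a jurisdiction the matrix does not know.

```python
"""Added example, not the patent's code: a model of the process-800 decision
flow driven by a constructed jurisdictional compliance matrix."""
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    DIRECT = "run on the user device with direct access to storage"            # block 822
    INTERMEDIARY = "serve via an intermediary server in the home jurisdiction"  # block 818
    BLOCK = "block access to the application"                                  # block 820


@dataclass(frozen=True)
class JurisdictionRule:
    """One row of the (hypothetical) jurisdictional compliance matrix."""
    export_restricted: frozenset   # data types that must stay when this is the data's home
    import_prohibited: frozenset   # data types that may not be brought into or transited through here
    no_remote_access: frozenset    # data types that may not even be viewed remotely from here


@dataclass(frozen=True)
class AppProfile:
    """One row of the (hypothetical) application compliance matrix."""
    name: str
    data_types: frozenset
    estimated_processing_s: float
    supports_remote_operation: bool  # can be driven from a remote desktop / compliant app server


# Constructed sample matrix; jurisdiction codes and rule contents are illustrative only.
MATRIX = {
    "HOME": JurisdictionRule(frozenset({"health", "pii"}), frozenset(), frozenset()),
    "NEIGHBOUR": JurisdictionRule(frozenset(), frozenset(), frozenset()),
    "STRICT": JurisdictionRule(frozenset(), frozenset({"health"}), frozenset({"health"})),
}


def decide(app, home, current, transit=(), matrix=MATRIX, response_threshold_s=2.0):
    """Walk blocks 804-822: return (Decision, reasons) for launching `app`."""
    reasons = []
    # Blocks 804-808: data types come from the app profile; jurisdictions crossed are
    # any intermediate ones plus the user's current one (none when the user is at home).
    crossed = [] if current == home else [*transit, current]
    for j in [home, *crossed]:
        if j not in matrix:  # fail closed: no known rules means no compliant pathway
            return Decision.BLOCK, [f"no matrix entry for jurisdiction {j!r}"]
    # Block 812: would direct data access comply with home, transit and current rules?
    direct_ok = True
    if crossed:
        held = app.data_types & matrix[home].export_restricted
        if held:
            direct_ok = False
            reasons.append(f"{sorted(held)} may not leave home jurisdiction {home}")
        for j in crossed:
            banned = app.data_types & matrix[j].import_prohibited
            if banned:
                direct_ok = False
                reasons.append(f"{sorted(banned)} may not enter or transit {j}")
    if not direct_ok:
        # Block 814: data stays home and only the session leaves; does that comply?
        viewing_banned = app.data_types & matrix[current].no_remote_access
        if app.supports_remote_operation and not viewing_banned:
            reasons.append("served through intermediary in home jurisdiction")
            return Decision.INTERMEDIARY, reasons
        reasons.append("remote operation unsupported or not permitted where the user is")
        return Decision.BLOCK, reasons
    # Block 816: processing-intensive work is pushed to the intermediary even when compliant.
    if app.estimated_processing_s > response_threshold_s:
        reasons.append(f"estimated {app.estimated_processing_s}s exceeds "
                       f"{response_threshold_s}s response threshold")
        return Decision.INTERMEDIARY, reasons
    reasons.append("compliant and lightweight; direct access over the secured connection")
    return Decision.DIRECT, reasons


# Constructed application profiles (data type labels are illustrative).
EDITOR = AppProfile("doc editor", frozenset({"pii", "documents"}), 0.5, True)
VIEWER = AppProfile("brochure viewer", frozenset({"public"}), 0.2, True)
ANALYTICS = AppProfile("payroll analytics", frozenset({"pii"}), 30.0, True)
HEALTH_APP = AppProfile("patient records", frozenset({"health"}), 0.8, True)


if __name__ == "__main__":
    cases = [(EDITOR, "HOME", ()), (EDITOR, "NEIGHBOUR", ()), (VIEWER, "NEIGHBOUR", ()),
             (ANALYTICS, "HOME", ()), (HEALTH_APP, "STRICT", ()),
             (HEALTH_APP, "NEIGHBOUR", ("STRICT",)), (VIEWER, "UNKNOWN", ())]
    for app, where, via in cases:
        verdict, why = decide(app, "HOME", where, via)
        print(f"{app.name:17} at {where:9} via {list(via) or '-'}: {verdict.name:12} {'; '.join(why)}")
```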
  • The user account on the SCU contains the distilled control signals that map the user permissions against approved application types, and the individual user's mapped relationships, including permissions for network shared data and encryption keys.
  • The device services engine manages the private and secure record of the user's current geographical/jurisdictional location and reports this back to the corporate account, and subsequently to the privacy matrix.
  • The privacy matrix presents an expression, in this example a boolean expression, which results in the switching logic required to enable a compliant pathway of service to the user via the data control engine and the application control engine.
  • The data control engine and platform privacy server are each electronically connected to an application control engine.
  • The application control engine connects to a remote desktop and a compliant application server, which both reside in the home jurisdiction.
  • The compliant application server retains a mirror copy of the current vendor applications offered to the user.
  • The vendor is responsible for uploading and maintaining these mirror copies in an active status.
  • The compliant application server sits inside the user's jurisdiction and enables, as required, an application execution path that manages privacy law compliance and/or an optimized user experience.
  • The application control engine is electronically connected to a vendor application server, which communicates with the application control engine.
  • The application control engine takes direction from the privacy matrix to determine the source channel used to deliver the requested application to the user.
  • The device services engine assigns the appropriate IP address that enables the compliant application source, which may be the remote desktop, the compliant application server, or the vendor application server, to respond. Communications between the vendor application server, the compliant application server or the remote desktop and the user device are via standard internet protocol.
  • The vendor application server is owned and managed by the application vendor, and its location is controlled by the application vendor. To maintain data privacy and control at the home jurisdiction, user data is neither captured nor stored by the application vendor. To ensure compliance, the application vendor must be approved by the privacy platform service provider for distribution of the application via the platform, and is legally bound to the user privacy policy. Any active software supplied by the application vendor communicates through a proprietary API to properly interact with the platform.
  • FIGS. 2A to 2D show a schematic block diagram of a
  • SCU: System Control Unit
  • The SCU comprises a number of blocks, including an operation block, comprising a CPU, memory and system storage; a sentry management module, comprising a CPU, memory, and a black box storage; and a services management block, comprising a media server, an email server in/out storage, a corporate account block, and backup services.
  • The operation block manages the entire SCU functionality. For example, the operation block manages data synchronization functions and polices all services activities. This block may utilize a proprietary system architecture, operating system, and internet communication protocol, such that the system is not vulnerable to viruses that attack more common, widely distributed architectures and operating systems.
  • The operation block electronically communicates with a near field communications (NFC) block, which may be implemented to allow rapid assignment of mobile devices to a user by an administrator.
  • The user account is enabled and the administrator is able to rapidly set up or transfer accounts to new hardware.
  • The NFC process also captures the device identifier to instantly process the required encryption key.
  • The operation block electronically communicates with a plug-in encryption device, such as a 3rd party encryption key in a USB format, for example.
  • The 3rd party encryption key may be a standalone microprocessor enabled device that generates high-grade security encryption keys for the system.
  • The device is available through partnered and qualified 3rd parties to enable the user to have ownership over the encryption technology. This helps to ensure that the service provider does not have unencrypted access to the user data, and that any data backups are protected by the user directly.
  • The encryption key is used during boot up of the data storage platform, and may be removed after boot up. This way, if the data storage platform is powered down or unplugged, any data stored on the device is encrypted and remains inaccessible without the key.
  • The operation block electronically communicates with an
  • The operation block also electronically communicates with a network interface controller.
  • The network interface controller may control a serial/parallel internet access control block, which enables dual internet service provider lines. Once enabled, the service manages dual internet access to improve data throughput.
  • A local server may also manage multiple channels to improve throughput.
  • The broadband internet block enables mobile cell phone network based internet access, and may be used as a backup in the event of a hardware failure.
  • This alternate connection may also provide an improved user experience during an initial platform installation phase.
  • The black box management block monitors the local internet traffic, looking for anomalous communication attempts to the network connection port.
  • Anomalous communication is identified as any communication that does not use the proprietary communication protocol of the platform.
  • The black box may issue a temporary pause to the platform operation model, intended to protect the model from undesired communications.
  • The black box may also proceed to communicate with the anomalous traffic in an attempt to identify the source, the intent, or the entity behind the traffic.
  • The black box aggregates this information to the platform privacy server, where it may be used to further address and locate the traffic source. This information may be used to measure security breach attempts, and to attempt to identify trends.
  • The services management block electronically communicates with a version control engine.
  • The version control engine is linked to a system encryption engine and an encryption key distribution manager.
  • The version control engine electronically communicates with a user storage base management block, which in turn communicates with an options management block.
  • The options management block also electronically communicates with both the services management block and the operation block.
  • The options management block is connected to an options interface, which enables connection via various interface options, such as wireless interface options, optical interface options and wired interface options.
  • The SCU manages virtually all options to ensure that limited user intervention is required in order to operate the platform. All optional systems and blocks are enabled through a stackable function. That is, the option is simply placed under the SCU, and the remaining setup or personalization is done through a user administration interface.
  • This "stack & go" technology may utilize both proprietary and off-the-shelf wireless communications, optical communications, and wired communications to achieve connectivity to the SCU.
  • FIG. 3 shown is a schematic block diagram of a platform privacy server in accordance with an illustrative embodiment.
  • administrative controls provided to a corporate administrator enables management of the entire corporate IT functionality via the privacy server.
  • the privacy server electronically communicates with a user control engine, which manages a user corporate account.
  • the user corporate account links to a user services interface which communicates with a payment portal.
  • the user services interface also connects to a system functions block.
  • FIGS. 4A to 4D and 5A to 5D show schematically how users may locally or remotely access data stored on the platform.
  • the SCU will communicate with a user corporate account on the platform privacy server. This communication will contain the current IP address of the SCU.
  • the communication will be encrypted using an encryption technology selected by the user as a wrapper of an enveloped public key encryption technique. Inside the wrapper is the IP address of the SCU which is copied for each user designated in the system, and each copy is encrypted by the individual user's private key. These encrypted IP addresses are stored in the corporate account, and refreshed regularly.
  • internet access may be avoided by first performing an encrypted call on a local network inside a company firewall.
  • if the SCU hears the encrypted call and the user is active and valid on the local network, the SCU will return an encrypted internal IP address of a data storage device inside the company's local network. This allows secure communication within the company's internal network without having to access the internet. If the user is not valid on the local network, the device services engine will contact the platform privacy server for an outside IP address as described above.
  • a jurisdictional compliance matrix may be accessed.
  • the user's device (e.g. laptop, desktop PC, tablet, mobile device) contains a client data engine which regularly checks the connection to the SCU. If the connection is not available, the data service engine will contact the platform privacy server and the corporate account to request a new IP address. A user specific encrypted IP address is accessed from the platform privacy server and sent to the user. The data service engine will then decrypt the IP address and reconnect with the SCU.
  • the network drive definition will verify that all of the appropriate drives have been allocated, that all of the files in the drives are synchronized back to the SCU, and that the SCU has been updated with new revisions as required. All communications will continue to be encrypted in the user specific key. All data is received by the SCU in the user specific key, decrypted, and the file storage component or other data will be re-encrypted using the corporate key of the SCU for storage. When the device services engine confirms that there are sync updates on the SCU for the user, the SCU will decrypt the data file, re-encrypt into the user key, and transmit to the user upon request.
  • the device services engine manages a temporary encrypted container on the user device.
  • the user interacts, creates, and edits content locally using a protected, encrypted container.
  • the encryption is user specific and aligns to the encryption keys provided by the SCU that is unique to each user. This encrypted container is only active during the client session, and is removed and inaccessible when a session is closed or connection to the SCU has been lost.
  • the SCU will access the jurisdictional compliance matrix to identify a jurisdictionally compliant server, and periodically transmit the SCU dataset to that server.
  • the data is transmitted using a hybrid key from the SCU corporate key, and encapsulated using a platform privacy server key.
  • the platform privacy server effectively manages remote data connections such that jurisdictionally compliant storage and transmission of data between users and the SCU is maintained at all times.
  • the system functions block allows an administrator to control and manage a number of IT functions, including active/purchased applications, network topology definitions, user administration interface, application services, encryption services, add-on options services, and service quality monitor.
  • the user administrative interface controls network associations, which also receives input from the network topology definition block.
  • the network associations block is also used to define department/group associations, which receives input from the active/purchased applications block.
  • the department/group associations block populates a user matrix block.
  • the user administrative interface is adapted to enable creation of a virtual organization structure, from which a corresponding directory structure may be created.
  • the virtual organization structure is utilized by an automatic system configurator to define a corresponding file folder structure based on the system architecture.
  • the virtual organization structure is a visual representation of an organization, and enables an administrator to create, modify, or disable various associations between various departments and personnel within an organizational structure.
  • the automatic system configurator utilizes the virtual organization structure to create a corresponding data structure, including the directory structure and any necessary data network connections, which establishes relationships between the data and users.
  • the interactive data pathways established by the automatic system configurator allow data to be created, modified, deleted and shared between the users of an organization in the context of rules established by the automatic system configurator based on the virtual organization structure, and as modified by the administrator as may be necessary.
  • the virtual organization structure is dynamic, and an administrator can change the virtual organization structure in any way to suit the current needs of a particular organization.
  • the automatic system configurator then makes corresponding changes to the data structure to reflect the changes made to the virtual organization structure, including reorganizing folders, files and file names as required. However, as any changes are made, the automatic system configurator ensures that data privacy is maintained, and that only authorized users and applications enabled by the application compliance matrix are able to access the reorganized user data.
  • This directory structure is created on a modular data storage device which is physically within an organization's control. Based on the positions and departmental functions defined in the virtual organization structure, access rights to the directories are assigned to those positions and departmental functions. Once established, access to the assigned directories is automatically managed to enforce and maintain data privacy and data security. The directory structure and any offsite storage and backup remain jurisdictionally compliant at all times. [0081] In another embodiment, all data stored within the directory structure on the modular data storage device or on any offsite storage device is encrypted, such that only those users in positions with assigned access rights are able to access the data stored in the directory structures. Even data stored within the same directory may be accessed and opened only by users in positions having access rights. Any unauthorized attempts to access, copy or move data are detected and logged, and may be automatically blocked to secure data privacy and data security.
  • the administrative control enables management of the entire corporate IT functionality, including network definitions, directory structures, User/group/department data share associations, application purchase/allocation, encryption services access, and system quality metrics to measure/view system efficiency and monitor corporate scalability requirements.
  • the administrative user does not require any technical domain knowledge, as all details are provided via a high level graphical interface providing effectively go/no-go visuals with the ability to set targets/goals based on internal corporate planning.
  • a privacy infrastructure server may include one or more mirror server sites for operational redundancy or data throughput efficiency.
  • the privacy compliance matrix creates an association between a jurisdictional compliance matrix and an application compliance matrix.
  • the jurisdictional compliance matrix creates an association between user jurisdictional privacy laws, key data transportation limitations, and the individual user's real-time political jurisdiction.
  • the app compliance matrix creates an association between data processing modes, identification of key functions that impact data transportation by nature of operation, and user experience factors that are impacted by processing speed.
  • the device services engine enables secure access to a user's corporate account and to the individual user accounts registered on the system infrastructure, via the User Admin module (through access to the SCU) and via the Corporate Account module.
  • the User Admin module manages and captures the critical private information for the client company such as the network drive definition, active purchased applications, department/group associations, user accounts, and user security keys.
  • the device services engine messages the encrypted user hardware IP location to the corporate account, from which the privacy matrix generates the appropriate control signals that source the desired application and/or data to/from the user.
  • Each interconnected piece of user hardware will communicate through a currently established SCU IP address and a defined corporate account domain.
  • the IP address is encrypted in transmission into the matrix, and converted into a domain name that identifies the specific user. A similar function occurs within the SCU, as described earlier. Thus, the device operates under a hidden IP address. Transmission of IP mapping data is therefore encrypted and secure, and the platform privacy server translates the IP address and domain for access.
  • an email portal connected to the privacy infrastructure server contains a proprietary email server that handles incoming and outgoing traffic direction to and from the SCU, without storing any user email locally. Data may be synchronized on a User mirror site if this feature is enabled.
  • interconnected lines and arrows represent internet communications between systems. Dashed lines indicate user owned and controlled encryption method. Solid lines indicate service provider encryption method. Double dashed lines indicate user owned encrypted software service communications.
  • a platform privacy server enables various control tools that manage the system.
  • a device service engine manages local data services such as network topography deployment, local revision control, data synchronization and device specific encryption. It also manages data pathways such that the application can interact with data on the local hardware or virtually through a jurisdictionally compliant source.
  • User resident data is captured by the SCU at the user premises.
  • an SCU data mirror which is jurisdictionally compliant is offered as an optional service. In certain situations the data mirror may offer faster data access than the SCU.
  • upon restart or detection of a change in the servicing IP address, the SCU will identify the current IP address providing the active internet connection. The IP address is then encrypted using each user's unique encryption key. This user connection information is sent encrypted to the user corporate account, where it is stored until requested by the user device service engine.
  • a setup application creates the corporate network through a visual interaction.
  • the administrator enters information such as the number of employees and managers.
  • the administrator creates a virtual corporate structure, in this case an organizational chart, by a) selecting from one of the preformatted templates that best aligns to their current structure or b) starting from a blank canvas to visually create a customized organizational chart design.
  • the administrator then creates the directory structure required by the corporation using any desired nomenclature format.
  • the directory structure is then automatically created from the nomenclature used in the organizational structure desired by the company.
  • the nomenclature may be used to generate the actual directory names so they make sense to all the users in all the departments.
  • This structure is dynamic, and may change as the administrator adds, deletes, or moves personnel or positions within the organizational structure. Once this organization structure is created by the administrator, the scope of data access and the rights of the users within the organizational structure are automatically determined by the platform.
  • the administrator can manually assign and adjust access rights on a case-by-case basis as may be appropriate.
  • This manual assignment of access rights may also be applied to project folder structures created ad hoc in order to set up temporary or longer term working areas where an existing folder structure does not provide sufficient access across corporate departments or functions.
  • the application visually guides the administrator through the process to create the network directory structure.
  • the administrator is visually guided through the final process of connecting the directories to the positions on the organizational chart and enabling access rights for each user.
  • the administrator assigns ownership to each manager or group leader to adjust the directory rights and access of direct reports.
  • FIGS. 7A to 7D show a schematic block diagram of an illustrative architecture for managing a privacy compliance matrix in accordance with an illustrative example.
  • a privacy compliance matrix which contains associations between the app compliance matrix and jurisdictional compliance matrix. The output of this association controls the behavior of the data control engine and the app control engine.
  • the user location data does not reveal the user's actual geographical location; rather, it is a proprietary code that is used by the app compliance matrix and jurisdictional compliance matrix to present an expression at the input of the privacy matrix.
  • the input expressions result in an output expression that switches the communication channels for the data control engine and the app control engine thereby automatically connecting the user via the device services engine to the compliant service channels. The result ensures privacy compliance for the user without any user intervention.
  • an app compliance matrix creates an association between data processing modes, identification of key functions that impact privacy by nature of operation, and user experience factors that are impacted by processing speed.
  • a device services engine manages the user's current geographic location via the location mapping module. This function of the device services engine relays a proprietary encoded encrypted value that represents the user's jurisdictional location, to the platform privacy server where the privacy matrix interprets and activates the appropriate pathways between the user, the user data, and the applications. This activation ensures the user is compliant to home jurisdictional privacy requirements.
  • the device services engine also manages the client corporate account, system administrative controls, and access to applications and services.
  • FIG. 9 shows a generic computer device 900 that may include a central processing unit ("CPU") 902 connected to a storage unit 904 and to a random access memory 906.
  • the CPU 902 may process an operating system 901, application program 903, and data 923.
  • the operating system 901, application program 903, and data 923 may be stored in storage unit 904 and loaded into memory 906, as may be required.
  • Computer device 900 may further include a graphics processing unit (GPU) 922 which is operatively connected to CPU 902 and to memory 906 to offload intensive image processing calculations from CPU 902 and run these calculations in parallel with CPU 902.
  • An operator 907 may interact with the computer device 900 using a video display 908 connected by a video interface 905, and various input/output devices such as a keyboard 910, mouse 912, and disk drive or solid state drive 914 connected by an I/O interface 909.
  • the mouse 912 may be configured to control movement of a cursor in the video display 908, and to operate various graphical user interface (GUI) controls appearing in the video display 908 with a mouse button.
  • the disk drive or solid state drive 914 may be configured to accept computer readable media 916.
  • the computer device 900 may form part of a network via a network interface 911, allowing the computer device 900 to communicate through wired or wireless communications with other suitably configured data processing systems (not shown).
  • One or more other such computer devices 900 in the network may be adapted to communicate with the data storage and access platform and act as an intermediary or a proxy server between a user's device and the data storage and access platform.
  • This intermediary or a proxy server may be adapted to execute at least a part of an application which accesses user data on the data storage and access platform, and may be locally or remotely situated from the data storage and access platform.
  • the generic computer device 900 may be embodied in various form factors including desktop and laptop computers, and wireless mobile computer devices such as tablets, smart phones and super phones operating on various operating systems. It will be appreciated that the present description does not limit the size or form factor of the computing device on which the present system and method may be embodied.
  • a data storage and access platform comprising: one or more data storage units storing user data, the data storage units within a user controlled physical location in a user determined jurisdiction; a system control unit adapted to control access to the one or more data storage units; and a platform privacy server operatively connectable to the system control unit via an encrypted address, the platform privacy server adapted to execute an application compliance matrix configured to identify user data stored on the one or more data storage units and required by an application executing at least in part on the data storage and access platform and at least in part on a device remotely located from the data storage and access platform; wherein the platform privacy server allows encrypted access to the user data stored on the data storage and access platform via an encrypted address and manipulation of the user data by the application without removal of the user data from the one or more data storage units only upon confirmation that the user data accessed by the application remains jurisdictionally compliant.
  • the data storage and access platform further comprises a user interface for creation of a virtual corporate structure from which a corresponding directory structure is generated on the one or more data storage units.
  • the platform is further adapted to authorize access to the user data in the directory structure on the one or more data storage units based on corporate departments or functions defined in the virtual corporate structure.
  • any user data stored within the directory structure on the one or more data storage units is encrypted, such that only those users in positions with authorized access are able to access the user data stored in the directory structures over compliant pathways.
  • the platform is further adapted to detect unauthorized attempts to access, copy or move user data, and to automatically block access attempted over non-compliant pathways.
  • the platform is further adapted to determine the type of user data to which access is attempted, and to selectively block access dependent upon the type of user data if the user data would not remain jurisdictionally compliant.
  • the platform includes a jurisdiction compliance matrix.
  • the jurisdictional compliance matrix contains distilled control signals that map compliance requirements of user defined jurisdictional laws and any system user's real-time location jurisdictional laws.
  • the application compliance matrix contains distilled control signals that map a particular application's data manipulation requirements in regards to how it must interact with user data with regard to storage, processing, reporting, and also considering the privacy sensitivity of the data types.
  • the application compliance matrix maps the two input matrices to produce summation signals that define how a requested application must resolve execution to remain compliant against the jurisdictional privacy laws.
  • the data storage and access platform further comprises an offsite data storage device controlled by the user that is jurisdictionally compliant with the jurisdiction in which the one or more data storage units are located, and wherein the platform privacy server is adapted to provide a secure link between the system control unit and a user access controlled storage device located at the offsite data storage location such that encrypted user data may be stored to the offsite location for redundancy.
  • the encrypted user data stored in the offsite data storage location is encrypted by user controlled encryption technology.
  • the offsite data storage device is owned by the user, and physically located in a data storage condominium in a user determined political jurisdiction.
  • the offsite data storage device is accessible to the user, and removable by the user from the data storage condominium.
  • the platform is adapted to receive a plug-in encryption device for encrypting all user data on the one or more data storage units.
  • the plug-in encryption device comprises a standalone microprocessor enabled device adapted to generate high-grade security encryption keys for the platform.
  • the encryption keys generated by the plug-in encryption device for the platform are required to access the platform via any local or remote network.
  • the encryption keys generated by the plug-in encryption device are used to encrypt user data stored on an offsite data storage device.
  • the platform privacy server executing the application compliance matrix is further configured to define authorized access pathways for the execution of a user-called SaaS application only upon confirmation that the requested access pathway handling of user data is jurisdictionally compliant.
  • the application compliance matrix is adapted to process the jurisdiction and local privacy laws in which the one or more data storage units are located, the jurisdiction from which a remote user is seeking access, and the nature of the user data being requested by a software as a service (SaaS) application.
  • the platform privacy server is adapted to permit access to software as a service (SaaS) application providers who are in compliance with user data policies, including manipulation and storage of any user data in accordance with jurisdictional privacy laws via the application compliance matrix.
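The address refresh and reconnect flow described above (the SCU posting its current address to the corporate account encrypted once per designated user, and the client engine trying an encrypted call on the local network before asking the platform privacy server), as an added example that is not the patent's own code. The cipher is a stand-in SHA-256 keystream with an HMAC tag so the demo runs offline; the user-selected encryption the text refers to would replace seal()/unseal(). Every key, address and user name is constructed.

```python
"""Added example (not code from the patent): SCU address publication and
client-side SCU resolution.  seal()/unseal() are a self-contained stand-in
(encrypt-then-MAC over a SHA-256 keystream), not the user-selected cipher."""
import hashlib
import hmac
import secrets

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest())
        counter += 1
    return b"".join(blocks)[:length]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt with a fresh nonce, then tag nonce+ciphertext (stand-in cipher)."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag before decrypting; raises ValueError on any tampering."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("blob too short")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


class CorporateAccount:
    """User corporate account on the platform privacy server: one encrypted
    copy of the SCU address per designated user, refreshed by the SCU."""

    def __init__(self):
        self.encrypted_addresses: dict[str, bytes] = {}

    def publish(self, user_id: str, blob: bytes) -> None:
        self.encrypted_addresses[user_id] = blob

    def fetch(self, user_id: str) -> bytes:
        return self.encrypted_addresses[user_id]


class SCU:
    def __init__(self, user_keys: dict[str, bytes], internal_ip: str, account: CorporateAccount):
        self.user_keys = user_keys        # one key per designated user (constructed)
        self.internal_ip = internal_ip    # address inside the company firewall
        self.account = account

    def refresh_address(self, external_ip: str) -> None:
        """On restart or a detected IP change: encrypt the address once per user."""
        for user_id, key in self.user_keys.items():
            self.account.publish(user_id, seal(key, external_ip.encode()))

    def answer_local_call(self, user_id: str, call: bytes):
        """LAN path: return the encrypted internal address only to a valid user.
        Replay protection of the call is out of scope for this demo."""
        key = self.user_keys.get(user_id)
        if key is None:
            return None
        try:
            if unseal(key, call) != b"SCU-CALL":
                return None
        except ValueError:
            return None
        return seal(key, self.internal_ip.encode())


class ClientDataEngine:
    def __init__(self, user_id: str, key: bytes, account: CorporateAccount, lan_scu=None):
        self.user_id, self.key, self.account = user_id, key, account
        self.lan_scu = lan_scu   # SCU reachable on the local network, or None when off-site

    def resolve_scu(self) -> tuple:
        """Return (pathway, address): encrypted LAN call first, privacy server otherwise."""
        if self.lan_scu is not None:
            reply = self.lan_scu.answer_local_call(self.user_id, seal(self.key, b"SCU-CALL"))
            if reply is not None:
                return "local", unseal(self.key, reply).decode()
        blob = self.account.fetch(self.user_id)          # this user's copy only
        return "internet", unseal(self.key, blob).decode()
```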
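The privacy compliance matrix described above, as an added model that is not the patent's own code: constructed jurisdictional and application rules are combined with the user's real-time jurisdiction into an output expression (a pathway plus the data types allowed and those selectively blocked). The jurisdiction codes J_A, J_B, J_C, the data types and all rule values are assumptions made for the example.

```python
"""Added example (not code from the patent): a minimal privacy compliance
matrix.  The jurisdictional compliance matrix maps a home jurisdiction to the
data types its law keeps resident and the jurisdictions such data may still
reach; the application compliance matrix maps an app to the data types it
needs, whether it executes in place on the platform or at a vendor site, and
where that site is.  All codes and rules are constructed."""
from dataclasses import dataclass
from enum import Enum


class Mode(Enum):
    IN_PLACE = "in-place"   # app manipulates data on the platform; user views results
    REMOTE = "remote"       # app needs the raw data at its own processing site


@dataclass(frozen=True)
class JurisdictionRule:
    resident_types: frozenset       # data types that must stay in the home jurisdiction
    transfer_allowed_to: frozenset  # other jurisdictions resident types may lawfully reach


@dataclass(frozen=True)
class AppRule:
    name: str
    data_types: frozenset
    mode: Mode
    processing_site: str            # jurisdiction of the vendor's processing instance


@dataclass(frozen=True)
class Decision:
    pathway: str
    allowed_types: frozenset
    blocked: tuple                  # (data_type, reason) pairs


# constructed jurisdictional compliance matrix (hypothetical codes and rules)
JURISDICTIONS = {
    "J_A": JurisdictionRule(frozenset({"health", "hr"}), frozenset({"J_B"})),
    "J_B": JurisdictionRule(frozenset({"personal"}), frozenset()),
}


def destinations(user_location: str, app: AppRule) -> frozenset:
    """Every jurisdiction the requested data would be transmitted to."""
    dests = {user_location}
    if app.mode is Mode.REMOTE:
        dests.add(app.processing_site)
    return frozenset(dests)


def evaluate(home: str, user_location: str, app: AppRule,
             jurisdictions=JURISDICTIONS) -> Decision:
    """Combine the two input matrices with the user's real-time jurisdiction."""
    rule = jurisdictions[home]
    dests = destinations(user_location, app)
    allowed, blocked = set(), []
    for dtype in sorted(app.data_types):
        if dtype in rule.resident_types:
            offending = sorted(d for d in dests
                               if d != home and d not in rule.transfer_allowed_to)
            if offending:
                # selective block: only this data type is withheld from the app
                blocked.append((dtype, f"resident type may not reach {offending}"))
                continue
        allowed.add(dtype)
    if not allowed:
        pathway = "blocked"
    elif dests == frozenset({home}):
        pathway = "scu-local"            # nothing leaves the home jurisdiction
    elif app.mode is Mode.IN_PLACE:
        pathway = "in-place"             # data stays on the SCU; user views results remotely
    else:
        pathway = "compliant-transfer"   # only non-resident or permitted types travel
    return Decision(pathway, frozenset(allowed), tuple(blocked))


if __name__ == "__main__":
    payroll = AppRule("payroll", frozenset({"hr", "finance"}), Mode.REMOTE, "J_C")
    print(evaluate("J_A", "J_A", payroll))
```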

Abstract

There is disclosed a modular data storage and access platform with jurisdictional control. The platform ensures alignment of jurisdictional compliance between a user, national laws, and associated data through pre-scripted data channeling and handling during execution of application provider business services and/or sharing and synchronizing data between approved parties, encapsulated through user defined encryption technology, while ensuring physical and legal ownership and defined residency of user data with solution enablement free of technical complexity or need of special education/training or need of information technology services. In an embodiment, the platform enables approved third party value added SaaS applications to manipulate data stored on the modular data storage without removing the data from the platform.

Description

DATA STORAGE AND ACCESS PLATFORM
WITH JURISDICTIONAL CONTROL
FIELD
The present disclosure relates to a data storage and access platform with jurisdictional control.
BACKGROUND
[0001] Businesses and consumers presently engage in technological solutions that enable business operations, handle digital content, manage communications, and improve employee mobility. Businesses and consumers may embody these activities in two broad vertical methodologies: 1) implement individual Software as a Service (SaaS) applications from multiple vendors where activation of the service requires minimal technical domain knowledge, low infrastructure costs, and minimal support labor; and 2) internally develop the ability, through direct department definition or contracted services, to purchase, maintain, and provide access to applications, digital content storage, communications, and user data synchronization. To a broad extent, the majority of business and consumer users are motivated to implement, to some degree, both methodologies to manage the diverse activities encountered in business and consumer interactions of digital solutions. However, both solutions drive inherent risks for businesses and consumers.
[0002] The first vertical methodology creates a risk for the user and those parties described inside the user's digital data that may see this information outside of their control, loss of data ownership, exposure to ongoing behavior monitoring, undesired jurisdictional exposure, and third party profit generation through the sale of this digital data.
[0003] The second vertical methodology requires significant fixed and variable overhead costs for the user in the development of all required systems and purchase/maintenance of application software. Furthermore, the second vertical methodology requires the user to monitor national and international laws to ensure control and privacy compliance. The second vertical methodology also drives the user to recreate or reproduce solutions equivalent to existing third party services, and invariably forces the user to adopt the first vertical methodology solutions in addition as to reduce implementation time during growth phases.
[0004] What is needed is an improved technological solution that overcomes at least some of these limitations.
SUMMARY
[0005] The present disclosure relates to a modular data storage and access platform with jurisdictional control including a novel SaaS privacy compliance model.
[0006] In an aspect, the platform ensures alignment of jurisdictional compliance between a user, national laws, and associated data through pre-scripted data channeling and handling during execution of application provider business services and/or sharing and synchronizing data between approved parties, encapsulated through user defined encryption technology, while ensuring physical and legal ownership and defined residency of user data with solution enablement free of technical complexity or need of special education/training or need of information technology services. In other words, the platform ensures that user data is stored only within physical data storage that is jurisdictionally compliant, and access to which is directly and legally controlled by the user.
[0007] In an embodiment, a turn-key platform solution is provided which automatically enables data residency definition, ownership, privacy, automatic compliance to privacy laws within a chosen installation jurisdiction, platform embedded jurisdictionally compliant data ownership policy for SaaS vendor compliance, and ownership of encryption technology.
[0008] In another embodiment, the platform provides a user administrative interface which enables creation of a virtual organization structure, from which a corresponding directory structure may be automatically generated. This directory structure is created on a modular data storage device which is physically and/or legally within an organization's control. Based on the positions and departmental functions defined in the virtual organization structure, access rights to the directories are assigned to the positions and departmental functions, and automatically managed to enforce and maintain data privacy and data security. The directory structure and any storage remains jurisdictionally compliant at all times.
[0009] In another embodiment, any data stored within the directory structure on the modular data storage device or on any offsite data storage device is encrypted, such that only those users in positions with assigned access rights are able to access the data stored in the directory structures. Any unauthorized attempts to access, copy or move data are detected and logged, and may be automatically blocked to secure data privacy and data security.
[0010] In another embodiment, SaaS vendors must be pre-approved before being allowed to offer their services on the platform, and are legally bound to the user data privacy policy for the platform. To do so, SaaS vendors will implement a prescribed Application Programmers Interface ("API") that controls the flow and security of user data across the platform. The system requires very limited domain knowledge and removes the need and expense of information technology services, whether contracted or departmental, to implement software applications for the user.
[0011] In another embodiment, the platform enables approved third party value added SaaS applications to manipulate data stored on the modular data storage or in a trusted jurisdictionally compliant source, or through a trusted temporary processing instance, but not to copy user data in the platform to be stored elsewhere, without express permission and only through access of restricted API functions.
[0012] In another embodiment, the platform provides data backup integrity comparable to existing cloud backup solutions, but which allows a user to maintain physical ownership and control of the user's data, and maintain jurisdictional compliance of the storage devices. By way of example, the data backup may be maintained in a secure, offsite data center providing secure access to a private physical drive in a user-secured and legally controlled condominium storage unit accessible only to the user.
[0013] Advantageously, the platform may provide a relatively low cost technological solution for ensuring data privacy, jurisdictional control, and privacy law alignment for a user while enabling access to a variety of compliant SaaS vendors.
[0014] In this respect, before explaining at least one embodiment of the system and method of the present disclosure in detail, it is to be understood that the present system and method is not limited in its application to the details of construction and to the arrangements of the components set forth in the following description or illustrated in the drawings. The present system and method is capable of other embodiments and of being practiced and carried out in various ways. Also, it is to be understood that the phraseology and terminology employed herein are for the purpose of description and should not be regarded as limiting.
BRIEF DESCRIPTION OF THE DRAWINGS
[0015] FIGS. 1A to 1D show a schematic block diagram of a data control platform in accordance with an illustrative embodiment.
[0016] FIGS. 2A to 2D show a schematic block diagram of a system control unit in accordance with an illustrative embodiment.
[0017] FIG. 3 shows a schematic block diagram of a user administrative control model in accordance with an illustrative embodiment.
[0018] FIGS. 4A to 4D show a schematic block diagram of an admin-system interaction in accordance with an illustrative embodiment.
[0019] FIGS. 5A to 5D show schematic diagrams of a platform privacy server and management of remote user connections in accordance with an illustrative embodiment.
[0020] FIGS. 6A to 6C show a schematic block diagram of a process schematic for user system interaction in accordance with an illustrative embodiment.
[0021] FIGS. 7A to 7D show a schematic block diagram of an illustrative architecture for a privacy compliance matrix in accordance with an illustrative embodiment.
[0022] FIG. 8 shows a schematic flow chart of an illustrative process for applying the privacy compliance matrix when executing an application.
[0023] FIG. 9 shows a schematic block diagram of a generic computing device.
DETAILED DESCRIPTION
[0024] As noted above, the present disclosure relates to a modular data storage and access platform with jurisdictional control. Advantageously, the platform may provide a relatively low cost technological solution for ensuring data privacy and jurisdictional control in comparison to existing solutions.
[0025] An illustrative embodiment of the platform will now be described in more detail with reference to the figures.
Platform Architecture
[0026] Referring to FIGS. 1A to 1D, shown is a schematic block diagram of an illustrative architecture for a data control platform in accordance with an embodiment. As shown, a system control unit (SCU) is physically located within a user defined jurisdiction (e.g. a national or political home jurisdiction). The SCU includes data encryption control and a user resident data source. The user resident data is captured by the SCU at the user premises, and is stored locally within data storage located within the home jurisdiction.
[0027] An optional compliant data source service provides a jurisdictionally compliant SCU data mirror to provide redundancy and data protection, but the data mirror stays within the boundaries of the home jurisdiction to remain compliant with all jurisdictional laws.
[0028] In an embodiment, the platform enables approved third party value added SaaS applications to manipulate data stored on the modular data storage, but not to take sensitive data from the platform to be stored elsewhere, without express permission. Qualified SaaS providers are given access to data only after guaranteeing compliance with user ownership policies defined by the platform, including in transit data ownership integrity topography. The system requires very limited domain knowledge and removes the need and expense of information technology services whether that is contracted or departmental.
[0029] In another embodiment, a turn-key platform solution is provided which automatically enables data residency definition, ownership, automatic compliance with privacy laws within the chosen install jurisdiction, a platform embedded jurisdictionally compliant data ownership policy, and ownership of the encryption technology.
[0030] In an embodiment, a user resident data source is electronically connected to a data control engine. This data control engine enables channel switching that manages data separation from the servicing application. The data control engine also controls channeling to ensure compliance with the user's local privacy laws. Furthermore, the data control engine manages optional channels to improve data access speed and maintain a positive user experience.
[0031] In an embodiment, the data control engine is electronically connected to one or more user devices. The one or more user devices may include a data control engine which manages local data services, such as network topography deployment, local revision control, data synchronization and device specific encryption. The data control engine also manages data pathways such that the application can interact with data on the local hardware, or virtually through a jurisdictionally compliant source. Furthermore, the data control engine enables access to user admin functions that address both user customization and corporate administrative functions.
[0032] Users who use the devices may interact with any application data made available on the platform, or perform data manipulation (e.g. creation, editing, deleting) from any location. The platform automatically ensures compliance with the local privacy laws of the SCU install jurisdiction, and maintains physical ownership of all data generated and/or manipulated. The manner in which users may access their data is explained in further detail below with reference to a privacy matrix which manages this access.
Offsite Data Storage & Backup
[0033] In another embodiment, the platform provides data backup integrity comparable to existing technological solutions, but which maintains data security and jurisdictional control.
[0034] By way of example, a remote active storage and data backup "condominium" storage unit may provide a 24/7 controlled access facility having shared ownership.
[0035] In this condominium model, common areas and common facilities may be partially owned by the user, but managed by a management company under contract. The common facilities may include, for example, a full complement of servers, routers, modems, internet service, cabling, backplanes, etc. required to support all of the individual condominium units.
[0036] The condominium also contains a condominium unit or compartment which physically secures user owned data media electronically accessible only to the user, and to which all user data received at the 24/7 access facility is directed. In an embodiment, only the user is provided with a key to physically access the compartment unit owned by the user. Thus, the user, as legal owner of the condominium unit or compartment and of the user owned data media, exercises the legal rights incident to ownership, including control over access to, and limitations on, the user's data stored at the condominium facility. This ensures the user's ownership and control over electronic and physical access, and consequently over the data stored in the media as well.
[0037] In order for a user to remotely access their physical drive in the condominium storage unit, an onsite server manages the access by creating a secure link between the user's computer and their physical storage device located at the condominium storage unit. Any data stored onsite at the condominium storage unit may also be encrypted in order to prevent unauthorized access if physical security is somehow breached.
[0038] In another embodiment, the physical device located at the condominium storage unit may also include a security mechanism designed to automatically erase any data stored in the device should physical security of the device be compromised.
Jurisdictional Privacy Compliance
[0039] In another aspect, the platform ensures alignment of jurisdictional compliance between a user, national laws, and associated data through pre-scripted data channeling and handling during execution of application provider business services and/or sharing and synchronizing data between approved parties, encapsulated through user defined encryption technology, while ensuring physical and legal ownership and defined residency of user data, with solution enablement free of technical complexity and of any need for special education/training or information technology services.
[0040] While prior art systems have attempted to prevent data from crossing jurisdictions in the context of a data cloud, the present system and method approaches data privacy from the point of view of the application, and establishes physical control over user data within the user's home jurisdiction.
[0041] As an illustrative example, referring back to the data control engine, in an embodiment, the data control engine is connected to a platform privacy server, which is owned and managed by a service provider, and which enables the control tools that manage the system. This may include maintaining and managing a privacy compliance matrix, an application compliance matrix, and a jurisdiction compliance matrix. These matrices normally involve detailed data sets that alter the data pathways for applications so that they remain compliant with privacy regulations.
[0042] In an embodiment, the jurisdictional compliance matrix contains the distilled control signals that map the compliance requirements of the user defined jurisdictional laws and of the jurisdictional laws at any system user's real-time location. Thus, for example, the jurisdictional compliance matrix may contain various rules on the type of data that must remain in a user's home jurisdiction, and which must not cross a jurisdictional border between two or more computer devices. The jurisdictional compliance matrix contains different rules which are applied depending on whether data is being accessed from within a given jurisdiction, or whether a user is attempting to access data from another jurisdiction in which the user is currently located. The jurisdictional compliance matrix may also contain rules for handling data in any intermediate jurisdiction between a user's home jurisdiction and the user's real-time location. Thus, depending on the context in which data is being accessed, the jurisdictional compliance matrix allows the system to quickly and efficiently determine which rules must be observed and applied. The rules contained in the jurisdictional compliance matrix may be updated from time to time, as the rules for handling data may change over time to become more restrictive, or less restrictive as the case may be.
[0043] In an embodiment, the system and method further includes an application compliance matrix. The application compliance matrix contains the distilled control signals that map a particular application's data manipulation requirements, that is, how it must interact with user data with regard to storage, processing and reporting, also considering the sensitivity of the data types. In other words, the system and method considers how a particular application will interact with data stored on a user's data storage platform. In this context, the system is concerned with applications that execute at least in part on the data storage and access platform, and at least in part on a device remotely located from the data storage and access platform.
[0044] From this application centric perspective, the system and method determines how jurisdictional privacy rules may be maintained while at the same time ensuring that user data stored on the data storage and access platform remains under control of the user and is not removed from the data storage device. Thus, applying the rules populated within the jurisdictional compliance matrix, the application compliance matrix determines how a requested application must resolve data access and execution to remain compliant with the jurisdictional privacy laws, and to maintain privacy over the user data.
[0045] By way of an illustrative example, FIG. 8 shows a schematic flow chart of an illustrative process 800 for applying the application compliance matrix when executing an application. As shown, process 800 begins and at block 802 waits for a system user to launch an application. At block 804 the process identifies the type of data required by the application. At block 806, the process identifies the current location of the user. At decision block 808, the system determines whether any jurisdictions may be crossed. At block 810, the process identifies any privacy requirements of the originating home jurisdiction of the data, and any privacy requirements of the current jurisdiction of the user. At decision block 812, the process determines whether the data access requirements of the application comply with the privacy rules of the originating and current jurisdictions. If yes, the process proceeds to decision block 816. If no, the process proceeds to decision block 814.
[0046] At decision block 814, the process determines if remote control of the application on an intermediary server in the originating jurisdiction will comply. If yes, the process proceeds to block 818. If no, the process proceeds to block 820 where the process blocks access to the application from the user's device, and the process ends.
[0047] At block 816, the process determines if the application will be processing intensive. The threshold for determining whether processing is intensive may be based on a predetermined threshold for response, for example, and the estimated processing time. This threshold may be adjusted as necessary to provide an acceptable level of response to the user given the speed of the connection, and the available processing resources of the system at the time. If yes, the process proceeds to block 818, where the application will be operated via an intermediary server in the originating jurisdiction, whether remotely controlled or directly served as the case may be, and the process ends. If no, the process proceeds to block 822, where the process enables the application and data to operate on the user's device to directly access user data on the one or more data storage devices. In every case, access to the data stored on the one or more storage devices is through a connection secured by the system.
[0048] In summary, the application compliance matrix looks at the application a user is attempting to execute, looks at the home jurisdiction of the data and the current jurisdiction of the user, applies the privacy laws of the jurisdictions involved as populated in the jurisdictional compliance matrix, then serves the application and manages access to the user data accordingly.
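The decision flow of process 800 ([0045] to [0048]), written out as a small Python program. This is an added example and not code from the patent or from Cicer One Technologies; the shape of the jurisdictional compliance matrix (which data types must stay in their home jurisdiction, which may not enter a jurisdiction, and whether remote control from the home jurisdiction is itself acceptable), the jurisdiction names, the data types and the two-second response threshold are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    DIRECT = "app and data run on the user device (block 822)"
    INTERMEDIARY = "app served via an intermediary server in the home jurisdiction (block 818)"
    BLOCK = "access to the app blocked on the user device (block 820)"


@dataclass(frozen=True)
class JurisdictionRule:
    """One row of the jurisdictional compliance matrix (assumed shape)."""
    # data types that may not leave this jurisdiction when it is the data's home
    must_stay_home: frozenset = frozenset()
    # data types that may not be brought in when this is the user's current
    # jurisdiction or an intermediate jurisdiction on the path
    denied_entry: frozenset = frozenset()
    # whether serving a foreign user by remote control from an intermediary
    # server inside this jurisdiction is itself compliant (block 814)
    allows_remote_control: bool = True


@dataclass(frozen=True)
class AppRequest:
    """What the application compliance matrix knows about a launch (block 804)."""
    app_name: str
    data_types: frozenset
    estimated_processing_s: float


def resolve_access(req, user_jurisdiction, data_home, matrix, crossed=(),
                   response_threshold_s=2.0):
    """Walk blocks 806 to 822 of process 800 and return the Decision.

    crossed: intermediate jurisdictions between the data's home and the user.
    """
    path = [data_home, *crossed, user_jurisdiction]
    # block 808: are any jurisdictions crossed at all?
    if len(set(path)) == 1:
        violations = set()
    else:
        # blocks 810/812: home rules forbid export of some types, and the
        # current or intermediate jurisdictions may forbid entry of some types
        violations = set(req.data_types) & matrix[data_home].must_stay_home
        for jurisdiction in path[1:]:
            violations |= set(req.data_types) & matrix[jurisdiction].denied_entry
    if violations:
        # block 814: keep the data home and remote-control the app, if allowed
        if matrix[data_home].allows_remote_control:
            return Decision.INTERMEDIARY
        return Decision.BLOCK
    # block 816: processing intensive relative to the response threshold?
    if req.estimated_processing_s > response_threshold_s:
        return Decision.INTERMEDIARY
    return Decision.DIRECT


def sample_matrix():
    """Constructed sample matrix; jurisdiction names are placeholders."""
    return {
        "HOME": JurisdictionRule(must_stay_home=frozenset({"health", "payroll"})),
        "NEIGHBOUR": JurisdictionRule(),
        "STRICT_HOME": JurisdictionRule(must_stay_home=frozenset({"health"}),
                                        allows_remote_control=False),
        "TRANSIT": JurisdictionRule(denied_entry=frozenset({"payroll"})),
    }


if __name__ == "__main__":
    m = sample_matrix()
    ehr = AppRequest("ehr-viewer", frozenset({"health"}), 0.5)
    print(resolve_access(ehr, "NEIGHBOUR", "HOME", m).value)
    print(resolve_access(ehr, "NEIGHBOUR", "STRICT_HOME", m).value)
```

The intermediate-jurisdiction case of [0042] is handled by passing the crossed jurisdictions in `crossed`; each is checked for entry restrictions in the same loop as the user's current jurisdiction.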
[0049] In an embodiment, the user account on the SCU contains the distilled control signals that map the user permissions against approved application types and the individual user's mapped relationship including permissions for network shared data and encryption keys. The device services engine manages the private and secure record of the user's current geographical/jurisdictional location and reports this back to the corporate account and subsequently to the privacy matrix. The privacy matrix presents an expression, in this example a boolean expression, which results in the switching logic required to enable a compliant pathway of service to the user via the data control engine and the application control engine.
[0050] In an embodiment, the data control engine and platform privacy server are each electronically connected to an application control engine. The application control engine connects to a remote desktop and a compliant application server, which both reside in the home jurisdiction. The compliant application server retains a mirror copy of the current vendor applications offered to the User. The vendor is responsible for uploading and maintaining these mirror copies in an active status. The compliant application server sits inside the user jurisdiction and enables, as required, an application execution path that manages privacy law compliance and/or an optimized User experience.
[0051] In an embodiment, the application control engine is electronically connected to a vendor application server, which communicates with the application control engine. The application control engine takes direction from the privacy matrix to determine the source channel used to deliver the requested application to the user. When the user calls the application, the device services engine will assign the appropriate IP address that will enable the compliant application source, which may be the remote desktop, the compliant application server, or the vendor application server, to respond. Communications between the vendor application server, the compliant application server or the remote desktop and the user device are via standard internet protocol. The vendor application server is owned and managed by the application vendor, and its location is controlled by the application vendor. To maintain data privacy and control at the home jurisdiction, user data is neither captured nor stored by the application vendor. To ensure compliance, the application vendor must be approved by the privacy platform service provider for distribution of the application via the platform, and is legally bound to the user privacy policy. Any active software supplied by the application vendor communicates through a proprietary API to properly interact with the platform.
System Control Unit
[0052] Now referring to FIGS. 2A to 2D, shown is a schematic block diagram of a System Control Unit (SCU) in accordance with an illustrative embodiment. As shown, the SCU comprises a number of blocks including an operation block, comprising a CPU, memory and system storage; a sentry management module, comprising a CPU, memory, and a black box storage; and a services management block, comprising a media server, an email server in/out storage, a corporate account block, and backup services.
[0053] The operation block manages the entire SCU functionally. For example, the operation block manages data synchronization functions and polices all services activities. This block may utilize a proprietary system architecture, operating system, and internet communication protocol, such that the system is not vulnerable to viruses that may attack more common, widely distributed architectures and operating systems.
[0054] In an embodiment, the operation block electronically communicates with a near field communications (NFC) block, which may be implemented to allow rapid assignment of mobile devices to a user by an administrator. The user account is enabled and the administrator is able to rapidly set up or transfer accounts to new hardware. The NFC process also captures the device identifier to instantly process the required encryption key.
[0055] In another embodiment, the operation block electronically communicates with a plug-in encryption device, such as a 3rd party encryption key in a USB format, for example. The 3rd party encryption key may be a standalone microprocessor enabled device that generates high-grade encryption keys for the system. The device is available through partnered and qualified 3rd parties to enable the user to have ownership over the encryption technology. This helps to ensure that the service provider does not have unencrypted access to the user data, and that any data backups are protected by the User directly.
[0056] In an embodiment, the encryption key is used during boot up of the data storage platform, and may be removed after boot up. This way, if the data storage platform is powered down or unplugged, any data stored on the device is encrypted and remains inaccessible without the key.
[0057] In another embodiment, the operation block electronically communicates with an I/O interface controller, which in turn controls one or more USB ports. The operation block also electronically communicates with a network interface controller.
[0058] The network interface controller may control a serial/parallel internet access control block, which enables dual internet service provider lines. Once enabled, the service manages dual internet access to improve data throughput. A local server may also manage multiple channels to improve throughput.
[0059] In an embodiment, the broadband internet block enables mobile cell phone network based internet access, and may be used as a backup in the event of a hardware failure. This alternate connection may also provide an improved user experience during an initial platform installation phase.
[0060] Referring back to the sentry management module in the drawings, in an embodiment, the black box management block monitors the local internet traffic looking for anomalous communication attempts to the network connection port. Anomalous communication is identified as being any communication that is not the proprietary communication protocol used by the platform.
[0061] In an embodiment, the black box may issue a temporary pause to the platform operation model, intended to protect the model from undesired communications. The black box may also proceed to communicate with the anomalous traffic in an attempt to identify the source, the intent, or the entity behind the traffic. The black box aggregates this information to the platform privacy server, where it may be used to further address and locate the traffic source. This information may be used to measure security breach attempts and to identify trends.
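A minimal model of the black box monitor of [0060] and [0061], added here as an example; it is not the patent's code. It assumes a platform protocol whose frames begin with a fixed header (the header value and the sample traffic, which uses documentation address ranges, are constructed), treats every other frame as anomalous, pauses the operation model, and aggregates attempts per source for reporting to the platform privacy server. The active follow-up of [0061], communicating back with the anomalous source, is left out.

```python
from collections import Counter
from dataclasses import dataclass, field

# assumed: every frame of the platform's proprietary protocol starts with this header
PLATFORM_MAGIC = b"CCR1"


@dataclass
class BlackBox:
    paused: bool = False                 # temporary pause of the operation model
    accepted: int = 0                    # frames that carried the platform protocol
    anomalies: list = field(default_factory=list)   # (source, first bytes) per anomaly

    def inspect(self, src, frame):
        """Classify one inbound frame: only the platform protocol is legitimate."""
        if frame.startswith(PLATFORM_MAGIC):
            self.accepted += 1
            return True
        # anything else is anomalous: record it and pause the operation model
        self.anomalies.append((src, frame[:8]))
        self.paused = True
        return False

    def resume(self):
        """Lift the pause once the administrator or the privacy server clears it."""
        self.paused = False

    def report(self):
        """Aggregate for the platform privacy server: attempts per source address."""
        return dict(Counter(src for src, _ in self.anomalies))

    def run(self, traffic):
        for src, frame in traffic:
            self.inspect(src, frame)
        return self.report()


# constructed sample traffic on the network connection port (documentation IP ranges)
SAMPLE_TRAFFIC = [
    ("203.0.113.5", b"CCR1\x00\x01sync-request"),
    ("198.51.100.7", b"GET / HTTP/1.1\r\nHost: scu\r\n\r\n"),
    ("198.51.100.7", b"SSH-2.0-OpenSSH_8.9\r\n"),
    ("203.0.113.5", b"CCR1\x00\x02heartbeat"),
    ("192.0.2.44", b"\x16\x03\x01\x00\xa5\x01\x00"),   # a TLS ClientHello prefix
]

if __name__ == "__main__":
    box = BlackBox()
    print(box.run(SAMPLE_TRAFFIC), "paused:", box.paused)
```

The per-source counts are the "aggregate" the text sends to the privacy server; trend measurement over time would be built on a series of such reports.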
[0062] Referring now to the services management block, in an embodiment, the services management block electronically communicates with a version control engine. The version control engine is linked to a system encryption engine, and to an encryption key distribution manager.
[0063] In an embodiment, the version control engine electronically communicates with a user storage base management block, which in turn communicates with an options management block. The options management block also electronically communicates with both the services management block and the operation block.
[0064] In an embodiment, the options management block is connected to an options interface, which enables connection via various interface options, such as wireless interface options, optical interface options and wired interface options.
[0065] In summary, the SCU manages virtually all options to ensure that limited user intervention is required in order to operate the platform. All optional systems and blocks are enabled through a stackable function. That is, the option is simply placed under the SCU, and the remaining setup or personalization is done through a user administration interface. This "stack & go" technology may utilize both proprietary and off-the-shelf wireless communications, optical communications, and wired communications to achieve connectivity to the SCU.
Remote Data Access
[0066] Now referring to FIG. 3, shown is a schematic block diagram of a platform privacy server in accordance with an illustrative embodiment. As shown in this illustrative example, administrative controls provided to a corporate administrator enable management of the entire corporate IT functionality via the privacy server. The privacy server electronically communicates with a user control engine, which manages a user corporate account. The user corporate account links to a user services interface which communicates with a payment portal. The user services interface also connects to a system functions block.
[0067] As an illustrative example, FIGS. 4A to 4D and 5A to 5D show schematically how users may locally or remotely access data stored on the platform. Periodically, the SCU will communicate with a user corporate account on the platform privacy server. This communication will contain the current IP address of the SCU. The communication will be encrypted using an encryption technology selected by the user as a wrapper of an enveloped public key encryption technique. Inside the wrapper is the IP address of the SCU which is copied for each user designated in the system, and each copy is encrypted by the individual user's private key. These encrypted IP addresses are stored in the corporate account, and refreshed regularly.
[0068] In an alternative embodiment, internet access may be avoided by first performing an encrypted call on a local network inside a company firewall. In this case, if the SCU hears the encrypted call, and the user is active and valid on the local network, then the SCU will return an encrypted internal IP address of a data storage device inside the company's local network. This allows secure communication within the company's internal network without having to access the internet. If the user is not valid on the local network, then the device services engine will contact the platform privacy server for an outside IP address as described above.
[0069] In the course of determining whether remote access should be permitted, a jurisdictional compliance matrix may be accessed. Various factors, such as the level of user authentication, the nature of the data for which access is sought, and the location from which the user is seeking remote access, may all be used to determine whether the platform privacy server allows the requested data access to proceed.
[0070] In an embodiment, the user's device (e.g. laptop, desktop PC, tablet, mobile device) contains a client data engine which regularly checks the connection to the SCU. If the connection is not available, the data service engine will contact the platform privacy server and the corporate account to request a new IP address. A user specific encrypted IP address is accessed from the platform privacy server and sent to the user. The data service engine will then decrypt the IP address and reconnect with the SCU.
[0071] Once the data service engine is connected, the network drive definition will verify that all of the appropriate drives have been allocated, that all of the files in the drives are synchronized back to the SCU, and that the SCU has been updated with new revisions as required. All communications will continue to be encrypted in the user specific key. All data is received by the SCU in the user specific key, decrypted, and the file storage component or other data will be re-encrypted using the corporate key of the SCU for storage. When the device services engine confirms that there are sync updates on the SCU for the user, the SCU will decrypt the data file, re-encrypt it into the user key, and transmit it to the user upon request.
[0072] In an embodiment, the device services engine manages a temporary encrypted container on the user device. As a user is interacting with files on the SCU, in order to improve system performance, the user interacts, creates, and edits content locally using a protected, encrypted container. The encryption is user specific and aligns to the encryption keys provided by the SCU that are unique to each user. This encrypted container is only active during the client session, and is removed and inaccessible when a session is closed or the connection to the SCU has been lost.
[0073] If a corporate account has arranged off-premises storage and backup (for example to a condominium storage unit as described earlier), the SCU will access the jurisdictional compliance matrix to identify a jurisdictionally compliant server, and periodically transmit the SCU dataset to the server. In an embodiment, the data is transmitted using a hybrid key from the SCU corporate key, and encapsulated using a platform privacy server key.
[0074] By managing encrypted IP addresses utilizing public and private keys, by utilizing a jurisdictional compliance matrix to authorize any requested connections, and by providing each user with a unique access profile utilizing a private key specific to the user, the platform privacy server effectively manages remote data connections such that jurisdictionally compliant storage and transmission of data between users and the SCU is maintained at all times.
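The per-user encrypted distribution of the SCU address described in [0067] and [0070] (and again in [0086] and [0091]), as an added example that is not the patent's code. The patent protects each user's copy with that user's own key inside an outer wrapper; to stay free of third-party libraries, this example stands in a per-user symmetric key for that, using an HMAC-SHA256 counter-mode keystream with an HMAC tag bound to the user id (encrypt-then-MAC), and omits the outer wrapper. The user names, keys and the 192.0.2.10 / 198.51.100.9 addresses are constructed.

```python
import hashlib
import hmac
import ipaddress
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key, nonce, length):
    """HMAC-SHA256 in counter mode; a dependency-free stand-in for a stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def seal_for_user(key, user_id, plaintext):
    """Encrypt-then-MAC; the tag also binds the user id so copies cannot be swapped."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(key, user_id.encode() + nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def open_for_user(key, user_id, record):
    nonce, ciphertext, tag = record[:NONCE_LEN], record[NONCE_LEN:-TAG_LEN], record[-TAG_LEN:]
    expected = hmac.new(key, user_id.encode() + nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("record is not for this user key or has been altered")
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


class CorporateAccount:
    """Record store on the platform privacy server: one encrypted copy per user."""
    def __init__(self):
        self.records = {}

    def publish(self, user_id, record):
        self.records[user_id] = record      # a refreshed copy replaces the old one

    def fetch(self, user_id):
        return self.records[user_id]


class SCU:
    def __init__(self, user_keys):
        self.user_keys = user_keys          # user id -> key, as held by the SCU

    def publish_address(self, account, ip):
        """Run on restart or when the servicing IP address changes ([0091])."""
        packed = ipaddress.ip_address(ip).packed
        for user_id, key in self.user_keys.items():
            account.publish(user_id, seal_for_user(key, user_id, packed))


class DeviceServiceEngine:
    def __init__(self, user_id, key):
        self.user_id, self.key = user_id, key

    def resolve_scu(self, account):
        """Fetch this user's copy and recover the SCU address to reconnect ([0070])."""
        packed = open_for_user(self.key, self.user_id, account.fetch(self.user_id))
        return str(ipaddress.ip_address(packed))


def sample_keys():
    # constructed: in practice each key is provisioned to the user's device by the SCU
    return {"alice": bytes(range(32)), "bob": bytes(range(32, 64))}


if __name__ == "__main__":
    keys, account = sample_keys(), CorporateAccount()
    SCU(keys).publish_address(account, "192.0.2.10")
    print(DeviceServiceEngine("alice", keys["alice"]).resolve_scu(account))
```

Because the tag covers the user id, a record published for one user fails verification under any other user's key, which is the property the per-user copies in [0067] rely on.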
[0075] Still referring to FIGS. 4A to 4D and 5A to 5D, in an embodiment, the system functions block allows an administrator to control and manage a number of IT functions, including active/purchased applications, network topology definitions, user administration interface, application services, encryption services, add-on options services, and service quality monitor.
[0076] In an embodiment, the user administrative interface controls network associations, which also receive input from the network topology definition block. Network associations are also used to define department/group associations, which receive input from the active/purchased applications block. The department/group associations block populates a user matrix block.
[0077] In an embodiment, the user administrative interface is adapted to enable creation of a virtual organization structure, from which a corresponding directory structure may be created. The virtual organization structure is utilized by an automatic system configurator to define a corresponding file folder structure based on the system architecture.
[0078] In an embodiment, the virtual organization structure is a visual representation of an organization, and enables an administrator to create, modify, or disable various associations between departments and personnel within an organizational structure. The automatic system configurator utilizes the virtual organization structure to create a corresponding data structure, including the directory structure and any necessary data network connections, which establishes relationships between the data and users. The interactive data pathways established by the automatic system configurator allow data to be created, modified, deleted and shared between the users of an organization in the context of rules established by the automatic system configurator based on the virtual organization structure, and as modified by the administrator as may be necessary.
[0079] The virtual organization structure is dynamic, and an administrator can change the virtual organization structure in any way to suit the current needs of a particular organization. The automatic system configurator then makes corresponding changes to the data structure to reflect the changes made to the virtual organization structure, including reorganizing folders, files and file names as required. However, as any changes are made, the automatic system configurator ensures that data privacy is maintained, and that only authorized users and applications enabled by the application compliance matrix are able to access the reorganized user data.
[0080] This directory structure is created on a modular data storage device which is physically within an organization's control. Based on the positions and departmental functions defined in the virtual organization structure, access rights to the directories are assigned to the positions and departmental functions. Once established, access to the assigned directories is automatically managed to enforce and maintain data privacy and data security. The directory structure and any offsite storage and backup remain jurisdictionally compliant at all times.
[0081] In another embodiment, all data stored within the directory structure on the modular data storage device or any offsite storage device is encrypted, such that only those users in positions with assigned access rights are able to access the data stored in the directory structures. Even data stored within the same directory may be accessed and opened only by users in positions having access rights. Any unauthorized attempts to access, copy or move data are detected and logged, and may be automatically blocked to secure data privacy and data security.
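One way the automatic system configurator of [0077] to [0081] could derive directories and position-based access rights from a virtual organization structure, re-derive them after a reorganization, and log unauthorized attempts. This is an added example and not the patent's code; the organization, positions and user names are constructed, and the directory naming convention and the rule that only positions listed on a department may open its directory (no inheritance from a parent department) are assumptions.

```python
from dataclasses import dataclass, field
from pathlib import PurePosixPath


@dataclass
class Department:
    """A node of the virtual organization structure."""
    name: str
    positions: tuple = ()       # positions granted access to this department's directory
    children: tuple = ()        # sub-departments


@dataclass
class AutomaticSystemConfigurator:
    root: str = "/data"
    acl: dict = field(default_factory=dict)     # directory path -> set of positions
    audit: list = field(default_factory=list)   # denied attempts, logged as [0081] requires

    def configure(self, org):
        """(Re)build the directory structure and access rights from the org structure."""
        self.acl = {}                           # a reorganization drops stale paths
        self._walk(org, PurePosixPath(self.root))
        return sorted(self.acl)

    def _walk(self, dept, parent):
        path = parent / dept.name.lower().replace(" ", "_")
        self.acl[str(path)] = set(dept.positions)
        for child in dept.children:
            self._walk(child, path)

    def access(self, user, position, directory, op):
        """Allow the operation only for a position assigned to that directory."""
        allowed = position in self.acl.get(directory, set())
        if not allowed:
            self.audit.append({"user": user, "position": position,
                               "dir": directory, "op": op})
        return allowed


def sample_org():
    # constructed organization
    return Department("Acme", ("CEO",), (
        Department("Finance", ("CEO", "Controller", "Payroll Clerk")),
        Department("HR", ("CEO", "HR Manager")),
    ))


def reorganized_org():
    # the administrator moves Finance under a new Operations department
    return Department("Acme", ("CEO",), (
        Department("Operations", ("CEO", "COO"), (
            Department("Finance", ("CEO", "COO", "Controller", "Payroll Clerk")),
        )),
        Department("HR", ("CEO", "HR Manager")),
    ))


if __name__ == "__main__":
    cfg = AutomaticSystemConfigurator()
    print(cfg.configure(sample_org()))
    print(cfg.access("ann", "Controller", "/data/acme/hr", "read"), cfg.audit)
```

After `configure(reorganized_org())` the finance directory lives at a new path and the old path is no longer in the ACL, so a stale reference is denied and logged rather than silently served.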
[0082] Thus, in summary, the administrative control enables management of the entire corporate IT functionality, including network definitions, directory structures, User/group/department data share associations, application purchase/allocation, encryption services access, and system quality metrics to measure/view system efficiency and monitor corporate scalability requirements. Advantageously, the administrative user does not require any technical domain knowledge, as all details are provided via a high level graphical interface providing effectively go/no-go visuals with the ability to set targets/goals based on internal corporate planning.
Autonomous Privacy
[0083] Now referring to FIGS. 5A to 5D and 7A to 7D, shown is a schematic block diagram of a user administrative control, data control, and autonomous privacy model in accordance with an illustrative embodiment. As shown, a privacy infrastructure server may include one or more mirror server sites for operational redundancy or data throughput efficiency. In an embodiment, the privacy compliance matrix creates an association between a jurisdictional compliance matrix and an application compliance matrix. The jurisdictional compliance matrix creates an association between user jurisdictional privacy laws, key data transportation limitations, and the individual user's real-time political jurisdiction. The app compliance matrix creates an association between data processing modes, identification of key functions that impact data transportation by nature of operation, and user experience factors that are impacted by processing speed.
[0084] In an embodiment, the device services engine enables secure access to a User's corporate account and to the registered system infrastructure individual User accounts via the User Admin module, through access to the SCU and through access to the Corporate Account module. The User Admin module manages and captures the critical private information for the client company, such as the network drive definition, active purchased applications, department/group associations, user accounts, and user security keys.
[0085] Still referring to FIGS. 5A to 5D and also referring to FIG. 3, in an embodiment, the device services engine messages the encrypted user hardware IP location to the corporate account, from which the privacy matrix generates the appropriate control signals that source the desired application and/or data to/from the user. Each interconnected piece of user hardware will communicate through a currently established SCU IP address and a defined corporate account domain.
[0086] The IP address is encrypted in transmission into the matrix, and converted into a domain name that identifies the specific user. A similar function occurs within the SCU, described earlier. Thus, the device operates under a hidden IP address. Transmission of IP mapping data is therefore encrypted and secure, and the platform privacy server translates between the IP address and the domain for access.
[0087] In an embodiment, an email portal connected to the privacy infrastructure server contains a proprietary email server that handles incoming and outgoing traffic direction to and from the SCU, without storing any user email locally. Data may be synchronized on a User mirror site if this feature is enabled.
[0088] Now referring to FIGS. 6A to 6C and referring back to FIGS. 4A to 4D, shown is a schematic block diagram of a process schematic for user system interaction in accordance with an embodiment. In this schematic diagram, interconnected lines and arrows represent internet communications between systems. Dashed lines indicate a user-owned and user-controlled encryption method. Solid lines indicate the service provider's encryption method. Double dashed lines indicate user-owned encrypted software service communications.
[0089] As shown, a platform privacy server enables various control tools that manage the system. A device services engine manages local data services such as network topography deployment, local revision control, data synchronization and device specific encryption. It also manages data pathways such that the application can interact with data on the local hardware or virtually through a jurisdictionally compliant source.
[0090] User resident data is captured by the SCU at the user premises. In an embodiment, an SCU data mirror which is jurisdictionally compliant is offered as an optional service. In certain situations the data mirror may offer faster data access than the SCU.
[0091] Upon restart, or upon detecting a change of the serving IP address, the SCU identifies the current IP address providing the active internet connection. The IP address is then encrypted using each User's unique encryption key. This User connection information is sent encrypted to the user's corporate account, where it is stored until requested by the User Device Services Engine.
[0092] In an embodiment, a setup application creates the corporate network through a visual interaction. The administrator enters information such as the number of employees and managers. The administrator creates a virtual corporate structure, in this case an organizational chart, by a) selecting from one of the preformatted templates that best aligns to their current structure or b) starting from a blank canvas to visually create a customized organizational chart design. The administrator then creates the directory structure required by the corporation using any desired nomenclature format.
[0093] The directory structure is then automatically created from the nomenclature used in the organizational structure desired by the company. The nomenclature may be used to generate the actual directory names so they make sense to all the users in all the departments. This structure is dynamic, and may change as the administrator adds, deletes, or moves personnel or positions within the organizational structure. Once this organization structure is created by the administrator, the scope of data access and the rights of the users within the organizational structure are automatically determined by the platform.
[0094] While an organizational chart is provided as an illustrative example, it will be appreciated that other types of virtual corporate structures, whether based on organizational hierarchy or business processes, may also be created. A directory structure which then supports the virtual corporate structure may then be generated by the platform.
[0095] In an embodiment, where automatically assigned access rights are not appropriate, the administrator can manually assign and adjust access rights on a case-by-case basis as may be appropriate. This manual assignment of access rights may also be applied to project folder structures created ad hoc in order to set up temporary or longer term working areas where an existing folder structure does not provide sufficient access across corporate departments or functions.
[0096] The application visually guides the administrator through the process of creating the network directory structure. The administrator is then visually guided through the final process of connecting the directories to the positions on the organizational chart and enabling access rights for each user. The administrator assigns ownership to each manager or group leader so that they can adjust the directory rights and access of their direct reports.
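As an added illustration of the procedure in [0092] to [0096] (example code, not part of the patent), the following Python derives a directory tree from a small constructed organizational chart and computes each user's access rights from their position. The rights rules (own directory, the department's shared area, and a manager's direct reports), the sample chart and the user names are assumptions, since the description leaves the exact rule to the platform.

```python
"""Directory tree and access rights derived from a virtual org chart.

Constructed example: the chart data and the rights rules are assumptions
made for illustration, not the patent's own algorithm.
"""
from dataclasses import dataclass, replace
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Position:
    title: str                  # node label in the org chart; reused as directory name
    department: str             # department the position belongs to
    holder: str                 # user account currently filling the position
    reports_to: Optional[str]   # title of the manager position, None at the top


def build_directory_tree(chart: List[Position]) -> Dict[str, str]:
    """Generate directory paths from the chart's own nomenclature.

    Each department gets a top-level directory with a Shared area, and each
    position gets its own subdirectory.  Returns path -> owning position
    title ("" for the shared area, which has no single owner).
    """
    tree: Dict[str, str] = {}
    for pos in chart:
        tree[f"/{pos.department}/Shared"] = ""
        tree[f"/{pos.department}/{pos.title}"] = pos.title
    return tree


def compute_rights(chart: List[Position]) -> Dict[str, Set[str]]:
    """Assumed rule set: a user may access their own position directory and
    their department's Shared area; a manager may also access the directory
    of each direct report (the ownership an administrator delegates to
    group leaders)."""
    by_title = {p.title: p for p in chart}
    rights: Dict[str, Set[str]] = {p.holder: set() for p in chart}
    for pos in chart:
        own = f"/{pos.department}/{pos.title}"
        rights[pos.holder].update({f"/{pos.department}/Shared", own})
        if pos.reports_to is not None:
            rights[by_title[pos.reports_to].holder].add(own)
    return rights


def move_position(chart: List[Position], title: str, new_manager: str) -> List[Position]:
    """Return a new chart with one position re-parented.  Rights are always
    recomputed from the chart rather than patched, so the structure stays
    dynamic as personnel are added, deleted or moved."""
    return [replace(p, reports_to=new_manager) if p.title == title else p for p in chart]


def grant_project_folder(rights: Dict[str, Set[str]], folder: str,
                         users: List[str]) -> Dict[str, Set[str]]:
    """Manual, case-by-case grant for an ad hoc cross-department project area."""
    for user in users:
        rights.setdefault(user, set()).add(folder)
    return rights


def check_access(rights: Dict[str, Set[str]], user: str, path: str) -> bool:
    """Allow when the path is, or lies inside, a directory granted to the user."""
    return any(path == d or path.startswith(d + "/") for d in rights.get(user, ()))


# Constructed sample chart with fictitious users.
SAMPLE_CHART = [
    Position("CEO", "Executive", "dana", None),
    Position("EngineeringLead", "Engineering", "alice", "CEO"),
    Position("Engineer", "Engineering", "bob", "EngineeringLead"),
    Position("FinanceLead", "Finance", "carol", "CEO"),
]

if __name__ == "__main__":
    for user, dirs in sorted(compute_rights(SAMPLE_CHART).items()):
        print(user, sorted(dirs))
```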
[0097] Now referring to FIGS. 7A to 7D, shown is a schematic block diagram of an illustrative architecture for managing a privacy compliance matrix in accordance with an illustrative example.
[0098] In an embodiment, a privacy compliance matrix is created which contains associations between the app compliance matrix and the jurisdictional compliance matrix. The output of this association controls the behavior of the data control engine and the app control engine. The user location data does not reveal the user's actual geographical location; rather, it is a proprietary code that is used by the app compliance matrix and the jurisdictional compliance matrix to present an expression at the input of the privacy matrix. The input expressions result in an output expression that switches the communication channels for the data control engine and the app control engine, thereby automatically connecting the user via the device services engine to the compliant service channels. The result ensures privacy compliance for the user without any user intervention.
[0099] In another embodiment, an app compliance matrix creates an association between data processing modes, identification of key functions that impact privacy by nature of operation, and user experience factors that are impacted by processing speed.
[00100] In another embodiment, a device services engine manages the user's current geographic location via the location mapping module. This function of the device services engine relays a proprietary encoded, encrypted value that represents the user's jurisdictional location to the platform privacy server, where the privacy matrix interprets it and activates the appropriate pathways between the user, the user data, and the applications. This activation ensures the user is compliant with home jurisdictional privacy requirements. The device services engine also manages the client corporate account, system administrative controls, and access to applications and services.
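As an added worked example of the privacy compliance matrix in [0098] to [00100] (example code, not the patent's own implementation), the following Python models the jurisdictional compliance matrix and the app compliance matrix as lookup tables and resolves an access request, built from the three inputs the description names (storage jurisdiction, the user's real-time jurisdiction and the nature of the data requested by the application), into a control signal that either selects a compliant data channel or blocks the pathway. The jurisdiction codes, allowed-transport sets, sensitivity levels and app profiles are constructed values, not any real law or vendor matrix.

```python
"""Privacy compliance matrix modelled as a policy function.

Constructed example: every rule and table value below is an assumption
made for illustration, not a statement of any jurisdiction's law.
"""
from dataclasses import dataclass
from enum import Enum
from typing import AbstractSet, Dict, FrozenSet


class Sensitivity(Enum):
    """Privacy sensitivity of the requested data type."""
    PUBLIC = 0
    INTERNAL = 1
    PERSONAL = 2
    RESTRICTED = 3


# Jurisdictional compliance matrix: for data stored in a given jurisdiction,
# the jurisdictions it may be transported to, per sensitivity (constructed).
JURISDICTIONAL_MATRIX: Dict[str, Dict[Sensitivity, FrozenSet[str]]] = {
    "CA": {
        Sensitivity.PUBLIC: frozenset({"CA", "US", "EU"}),
        Sensitivity.INTERNAL: frozenset({"CA", "US", "EU"}),
        Sensitivity.PERSONAL: frozenset({"CA", "EU"}),
        Sensitivity.RESTRICTED: frozenset({"CA"}),
    },
    "EU": {
        Sensitivity.PUBLIC: frozenset({"EU", "CA", "US"}),
        Sensitivity.INTERNAL: frozenset({"EU", "CA"}),
        Sensitivity.PERSONAL: frozenset({"EU"}),
        Sensitivity.RESTRICTED: frozenset({"EU"}),
    },
}


@dataclass(frozen=True)
class AppProfile:
    """One row of the app compliance matrix: where the application processes
    data and whether it must keep its own stored copy."""
    name: str
    processing_jurisdiction: str   # "DEVICE" = processes on the user's own device
    keeps_copy: bool               # True if the app stores user data on its servers


@dataclass(frozen=True)
class AccessRequest:
    storage_jurisdiction: str      # where the SCU holding the data is located
    user_jurisdiction: str         # decoded from the user's real-time location code
    sensitivity: Sensitivity       # nature of the data the app is requesting
    app: AppProfile


@dataclass(frozen=True)
class ControlSignal:
    """Output expression that drives the data control and app control engines."""
    allowed: bool
    data_channel: str              # "local_scu", "mirror:<jurisdiction>" or "blocked"
    reason: str


def resolve(req: AccessRequest, mirrors: AbstractSet[str] = frozenset()) -> ControlSignal:
    """Combine both matrices into a single control signal.

    Assumed rules: (1) every jurisdiction the data would reach, i.e. where
    the app processes it and where the user views it, must be in the allowed
    set for (storage jurisdiction, sensitivity); (2) an app that keeps its
    own copy is allowed only if that copy stays in the originating
    jurisdiction; (3) a compliant mirror in the user's jurisdiction is
    preferred for speed, otherwise data is served in place from the SCU.
    """
    allowed_to = JURISDICTIONAL_MATRIX[req.storage_jurisdiction][req.sensitivity]
    # On-device processing happens wherever the user currently is.
    proc = (req.user_jurisdiction if req.app.processing_jurisdiction == "DEVICE"
            else req.app.processing_jurisdiction)
    for dest in (proc, req.user_jurisdiction):
        if dest not in allowed_to:
            return ControlSignal(False, "blocked",
                                 f"{req.sensitivity.name} data stored in "
                                 f"{req.storage_jurisdiction} may not reach {dest}")
    if req.app.keeps_copy and proc != req.storage_jurisdiction:
        return ControlSignal(False, "blocked",
                             f"{req.app.name} would retain a copy outside "
                             f"{req.storage_jurisdiction}")
    if req.user_jurisdiction in mirrors:
        # The mirror's jurisdiction already passed the transport check above.
        return ControlSignal(True, f"mirror:{req.user_jurisdiction}",
                             "served from a jurisdictionally compliant mirror")
    return ControlSignal(True, "local_scu", "served in place from the SCU")


if __name__ == "__main__":
    viewer = AppProfile("viewer", "DEVICE", keeps_copy=False)
    print(resolve(AccessRequest("CA", "US", Sensitivity.PERSONAL, viewer)))
```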
[00101] Now referring to FIG. 9, the present system and method may be practiced in various embodiments. A suitably configured generic computer device, and associated communications networks, devices, software and firmware may provide a platform for enabling one or more embodiments as described above. By way of example, FIG. 9 shows a generic computer device 900 that may include a central processing unit ("CPU") 902 connected to a storage unit 904 and to a random access memory 906. The CPU 902 may process an operating system 901, application program 903, and data 923. The operating system 901, application program 903, and data 923 may be stored in storage unit 904 and loaded into memory 906, as may be required. Computer device 900 may further include a graphics processing unit (GPU) 922 which is operatively connected to CPU 902 and to memory 906 to offload intensive image processing calculations from CPU 902 and run these calculations in parallel with CPU 902. An operator 907 may interact with the computer device 900 using a video display 908 connected by a video interface 905, and various input/output devices such as a keyboard 910, mouse 912, and disk drive or solid state drive 914 connected by an I/O interface 909. In a known manner, the mouse 912 may be configured to control movement of a cursor in the video display 908, and to operate various graphical user interface (GUI) controls appearing in the video display 908 with a mouse button. The disk drive or solid state drive 914 may be configured to accept computer readable media 916. The computer device 900 may form part of a network via a network interface 911, allowing the computer device 900 to communicate through wired or wireless communications with other suitably configured data processing systems (not shown).
One or more other such computer devices 900 in the network may be adapted to communicate with the data storage and access platform and act as an intermediary or a proxy server between a user's device and the data storage and access platform. This intermediary or a proxy server may be adapted to execute at least a part of an application which accesses user data on the data storage and access platform, and may be locally or remotely situated from the data storage and access platform.
[00102] The generic computer device 900 may be embodied in various form factors including desktop and laptop computers, and wireless mobile computer devices such as tablets, smart phones and super phones operating on various operating systems. It will be appreciated that the present description does not limit the size or form factor of the computing device on which the present system and method may be embodied.
[00103] Thus, in an aspect, there is provided a data storage and access platform, comprising: one or more data storage units storing user data, the data storage units within a user controlled physical location in a user determined jurisdiction; a system control unit adapted to control access to the one or more data storage units; and a platform privacy server operatively connectable to the system control unit via an encrypted address, the platform privacy server adapted to execute an application compliance matrix configured to identify user data stored on the one or more data storage units and required by an application executing at least in part on the data storage and access platform and at least in part on a device remotely located from the data storage and access platform; wherein the platform privacy server allows encrypted access to the user data stored on the data storage and access platform via an encrypted address and manipulation of the user data by the application without removal of the user data from the one or more data storage units only upon confirmation that the user data accessed by the application remains jurisdictionally compliant.
[00104] In an embodiment, the data storage and access platform further comprises a user interface for creation of a virtual corporate structure from which a corresponding directory structure is generated on the one or more data storage units.
[00105] In another embodiment, the platform is further adapted to authorize access to the user data in the directory structure on the one or more data storage units based on corporate departments or functions defined in the virtual corporate structure.
[00106] In another embodiment, any user data stored within the directory structure on the one or more data storage units is encrypted, such that only those users in positions with authorized access are able to access the user data stored in the directory structures over compliant pathways.
[00107] In another embodiment, the platform is further adapted to detect unauthorized attempts to access, copy or move user data, and to automatically block access attempted over non-compliant pathways.
[00108] In another embodiment, the platform is further adapted to determine the type of user data to which access is attempted, and to selectively block access dependent upon the type of user data if the user data would not remain jurisdictionally compliant.
[00109] In another embodiment, the platform includes a jurisdictional compliance matrix.
[00110] In another embodiment, the jurisdictional compliance matrix contains distilled control signals that map compliance requirements of user defined jurisdictional laws and any system user's real-time location jurisdictional laws.
[00111] In another embodiment, the application compliance matrix contains distilled control signals that map a particular application's data manipulation requirements in regards to how it must interact with user data with regard to storage, processing, and reporting, also considering the privacy sensitivity of the data types.
[00112] In another embodiment, the application compliance matrix maps the two input matrices to produce summation signals that define how a requested application must resolve execution to remain compliant against the jurisdictional privacy laws.
[00113] In an embodiment, the data storage and access platform further comprises an offsite data storage device controlled by the user that is jurisdictionally compliant with the jurisdiction in which the one or more data storage units are located, and wherein the platform privacy server is adapted to provide a secure link between the system control unit and a user access controlled storage device located at the offsite data storage location such that encrypted user data may be stored to the offsite location for redundancy.
[00114] In another embodiment, the encrypted user data stored in the offsite data storage location is encrypted by user controlled encryption technology.
[00115] In another embodiment, the offsite data storage device is owned by the user, and physically located in a data storage condominium in a user determined political jurisdiction.
[00116] In another embodiment, the offsite data storage device is accessible to the user, and removable by the user from the data storage condominium.
[00117] In another embodiment, the platform is adapted to receive a plug-in encryption device for encrypting all user data on the one or more data storage units.
[00118] In another embodiment, the plug-in encryption device comprises a standalone microprocessor enabled device adapted to generate high-grade security encryption keys for the platform.
[00119] In another embodiment, the encryption keys generated by the plug-in encryption device for the platform are required to access the platform via any local or remote network.
[00120] In another embodiment, the encryption keys generated by the plug-in encryption device are used to encrypt user data stored on an offsite data storage device.
[00121] In another embodiment, the platform privacy server executing the application compliance matrix is further configured to define authorized access pathways for the execution of a user-called SaaS application only upon confirmation that the requested access pathway handling of user data is jurisdictionally compliant.
[00122] In another embodiment, the application compliance matrix is adapted to process the jurisdiction and local privacy laws in which the one or more data storage units are located, the jurisdiction from which a remote user is seeking access, and the nature of the user data being requested by a software as a service (SaaS) application.
[00123] In another embodiment, the platform privacy server is adapted to permit access to software as a service (SaaS) application providers who are in compliance with user data policies, including manipulation and storage of any user data in accordance with jurisdictional privacy laws via the application compliance matrix.
[00124] While illustrative embodiments of the invention have been described above, it will be appreciated that various changes and modifications may be made without departing from the scope of the present invention.

Claims

CLAIMS:
1. A data storage and access platform, comprising: one or more data storage units storing user data, the data storage units within a user controlled physical location in a user determined jurisdiction; a system control unit adapted to control access to the one or more data storage units; and a platform privacy server operatively connectable to the system control unit via an encrypted address, the platform privacy server adapted to execute an application compliance matrix configured to identify user data stored on the one or more data storage units required by an application executing at least in part on the data storage and access platform, and at least in part on a device remotely located from the data storage and access platform; wherein the platform privacy server allows encrypted access to the user data stored on the data storage and access platform via an encrypted address and manipulation of the user data by the application without removal of the user data from an originating jurisdiction only upon confirmation that the user data accessed by the application remains jurisdictionally compliant.
2. The data storage and access platform of claim 1, further comprising a user interface for creation of a virtual corporate structure from which a corresponding directory structure is generated on the one or more data storage units.
3. The data storage and access platform of claim 2, wherein the platform is further adapted to authorize access to the user data in the directory structure on the one or more data storage units based on corporate departments or functions defined in the virtual corporate structure.
4. The data storage and access platform of claim 2, wherein any user data stored within the directory structure on the one or more data storage units is encrypted, such that only those users in positions with authorized access are able to access the user data stored in the directory structures over compliant pathways.
5. The data storage and access platform of claim 2, wherein the platform is further adapted to detect unauthorized attempts to access, copy or move user data, and to automatically block access attempted over non-compliant pathways.
6. The data storage and access platform of claim 2, wherein the platform is further adapted to determine the type of user data to which access is attempted, and to selectively block access dependent upon the type of user data if the user data would not remain jurisdictionally compliant.
7. The data storage and access platform of claim 2, wherein the platform includes a jurisdiction compliance matrix accessible to the application compliance matrix.
8. The data storage and access platform of claim 7, wherein the jurisdictional compliance matrix contains distilled control signals that map compliance requirements of user defined jurisdictional laws and any system user's real-time location jurisdictional laws.
9. The data storage and access platform of claim 7, wherein the application compliance matrix contains distilled control signals that map a particular application's data manipulation requirements in regards to how it must interact with user data with regard to storage, processing, reporting, and also considering the privacy sensitivity of the data types.
10. The data storage and access platform of claim 9, wherein the application compliance matrix maps the two input matrices to produce summation signals that define how a requested application must resolve execution to remain compliant against the jurisdictional privacy laws.
11. The data storage and access platform of claim 1, further comprising an offsite data storage device controlled by the user that is jurisdictionally compliant with the jurisdiction in which the one or more data storage units are located, and wherein the platform privacy server is adapted to provide a secure link between the system control unit and a user access controlled storage device located at the offsite data storage location such that encrypted user data may be stored to the offsite location for redundancy.
12. The data storage and access platform of claim 11, wherein the encrypted user data stored in the offsite data storage location is encrypted by user controlled encryption technology.
13. The data storage and access platform of claim 11, wherein the offsite data storage device is owned by the user, and physically located in a data storage condominium in a user determined political jurisdiction.
14. The data storage and access platform of claim 13, wherein the offsite data storage device is accessible to the user, and removable by the user from the data storage condominium.
15. The data storage and access platform of claim 1, wherein the platform is adapted to receive a plug-in encryption device for encrypting all user data on the one or more data storage units.
16. The data storage and access platform of claim 15, wherein the plug-in encryption device comprises a standalone microprocessor enabled device adapted to generate high-grade security encryption keys for the platform.
17. The data storage and access platform of claim 15, wherein the encryption keys generated by the plug-in encryption device for the platform are required to access the platform via any local or remote network.
18. The data storage and access platform of claim 15, wherein the encryption keys generated by the plug-in encryption device are used to encrypt user data stored on an offsite data storage device.
19. The data storage and access platform of claim 1, wherein the platform privacy server executing the application compliance matrix is further configured to define authorized access pathways for the execution of a user-called SaaS application only upon confirmation that the requested access pathway handling of user data is jurisdictionally compliant.
20. The data storage and access platform of claim 1, wherein the application compliance matrix is adapted to process the jurisdiction and local privacy laws in which the one or more data storage units are located, the jurisdiction from which a remote user is seeking access, and the nature of the user data being requested by a software as a service (SaaS) application.
21. The data storage and access platform of claim 1, wherein the platform privacy server is adapted to permit access to software as a service (SaaS) application providers who are in compliance with user data policies, including manipulation and storage of any user data in accordance with jurisdictional privacy laws via the application compliance matrix.

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US201662314056P 2016-03-28 2016-03-28
US62/314,056 2016-03-28
US15/132,165 2016-04-18
US15/132,165 US10068098B2 (en) 2015-04-17 2016-04-18 Data storage and access platform with jurisdictional control

Publications (1)

Publication Number Publication Date
WO2017165948A1 true WO2017165948A1 (en) 2017-10-05

Family

ID=59962312

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CA2016/000262 WO2017165948A1 (en) 2016-03-28 2016-10-17 Data storage and access platform with jurisdictional control

Country Status (1)

Country Link
WO (1) WO2017165948A1 (en)


Legal Events

Date Code Title Description
NENP Non-entry into the national phase (Ref country code: DE)
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 16895762; Country of ref document: EP; Kind code of ref document: A1)
122 Ep: pct application non-entry in european phase (Ref document number: 16895762; Country of ref document: EP; Kind code of ref document: A1)