In the field of telecommunication, data distribution networks with various data generating sensors and devices are sometimes employed to distribute often huge amounts of data in order to provide knowledge about different locations and environments to parties needing or wanting such sensor generated information. In this context, the term “sensors” is often used to denote any entities capable of registering or measuring some measurable metric or quantity and of communicating the results, e.g. at regular intervals or upon receiving a request or some trigger information, by sending source data through the network. The source data may for example refer to some physical measure such as temperature or pressure for surveillance of an object or a space, or to some counted metric such as the number of passing cars or the like. This source data can then be processed by the data processing nodes that have received it, to produce new data derived from the source data, e.g. by performing various calculations and compilations. An illustrative example is to receive multiple temperature measurements at regular intervals from one or more sensors and then to calculate an average temperature for a certain period, which is then delivered to a surveillance centre.
However, the providers of source data may in some cases want to restrict access to and usage of their source data, which may contain sensitive or secret information, e.g. personal information which only a limited set of parties are allowed to access. It is in that case possible to apply a policy for the data which dictates what party or node is permitted to access the source data and possibly also how the source data is permitted to be used. Naturally, more than one party or node may be permitted to access the source data. This type of policy will be referred to as “usage policy” in this description. A usage policy may comprise a set of rules which determine various restrictions and/or permissions for accessing and using the protected data.
In the following description, the term “source node” will be used to represent any sensors, counters and other entities capable of generating and communicating source data. FIG. 1 illustrates how data can be propagated through a data distribution network where source nodes denoted “SN” generate and send source data which is received by data processing nodes 102, 104. In this example, a first data processing node 102 receives source data D from three source nodes 100a. The data processing node 102 then processes the received source data in order to produce some new data D′ which is thus derived from the received source data D. The data processing node 102 sends the new data D′ to another data processing node 104 which performs more processing of the received data D′ and possibly also of source data D received from other source nodes 100b, as indicated by dashed lines in the figure.
In this way, the second data processing node 104 generates further new data D″ which is thus derived from both source data D and previously processed data D′. In this example, the second data processing node 104 delivers the resulting data D″ to a “data receiving node” 106 denoted “RN”. The nodes 102, 104 and 106 can thus be seen as direct or indirect users of the original source data D. It should be noted that both data processing nodes 102, 104 can also be regarded as data receiving nodes in this context, a term used simply to indicate that the nodes receive data from one or more preceding nodes. It can be understood that the above-illustrated distribution of data originating from various source nodes may be cascaded in any number of steps, which could involve any number of nodes.
When the providers of source data want to control and restrict access to their source data by means of a usage policy, it is possible today to control enforcement of that policy in the first distribution step, i.e. for any processing or receiving node in direct communication with the source node. In the shown example of FIG. 1, the three source nodes 100a send their source data to the first data processing node 102 and are therefore able to apply and enforce their usage policies on the latter node 102, e.g. by using shared keys or the like needed to “open” the source data. For example, it is possible to employ an authentication procedure between two interconnected nodes to enforce a usage policy that regulates whether data sent from one of the nodes to the other can be accessed or not. However, a usage policy is normally bound to a specific piece of data with a given identity and once new data is derived from the source data at the receiving/processing node, it becomes a new piece of information with a new identity for which the original policy is no longer valid.
In the next distribution step of FIG. 1, the first data processing node 102 may apply and enforce its own usage policy on the newly generated data D′ when delivered to the second data processing node 104, but any usage policies of the original source data D will be lost in this step unless manually copied into the new policy of the new data D′. Further, the second data processing node 104 may likewise apply its own policy on the further processed data D″ when distributing it to other processing and/or data receiving nodes, potentially unknown to the providers of the source data.
As a result, it is a problem that providers of source data have no way of controlling how their source data is used, and by what parties or nodes, beyond the first distribution step. The sender of source data or processed data thus has no way of knowing whether a policy of that data is enforced and followed at all subsequent receivers of the data and/or of any new data derived therefrom. Further, if a usage policy of the source data is copied at each distribution step, it is not possible for subsequent receivers to verify the origin of that usage policy and make sure that it has not been faked or manipulated along the way. Yet another problem is that it is not possible to enforce and verify different policies for different sets, or versions, of processed data originating at least partly from the same source data, e.g. when processed at different points by different processing nodes.
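The following is an added illustration, not code from the patent, of the two failure modes just described: a usage policy bound to the identity of one piece of data is not found for the derived data D′ and D″, and a receiver that is merely handed a copied policy has nothing to verify its origin against. The node numbers follow FIG. 1; the content hash as data identity, the sample temperatures and the policy fields are constructed assumptions.

```python
import hashlib
import statistics

def data_id(payload):
    """Identity of a piece of data, here a hash of its content (assumption)."""
    return hashlib.sha256(repr(payload).encode()).hexdigest()[:16]

class PolicyStore:
    """Usage policies keyed by data identity, as the text says they normally are."""
    def __init__(self):
        self._by_id = {}

    def bind(self, data, policy):
        self._by_id[data_id(data)] = policy

    def lookup(self, data):
        # None when no policy is bound to this identity
        return self._by_id.get(data_id(data))

def node_102(source_samples):
    """First processing node: derive D' (an average) from source data D."""
    return {"avg_temp": statistics.mean(source_samples)}

def node_104(d_prime, other_samples):
    """Second processing node: derive D'' from D' and source data from nodes 100b."""
    return {"peak": max(d_prime["avg_temp"], *other_samples)}

def run_cascade():
    """Policy lookup at each step of the FIG. 1 cascade (constructed sample data)."""
    store = PolicyStore()
    d = [21.0, 22.5, 20.5]                                  # source data D from nodes 100a
    store.bind(d, {"allowed": ["102"], "use": "aggregate-only"})
    d_prime = node_102(d)                                   # new identity: policy not bound
    d_double = node_104(d_prime, [25.0])                    # again a new identity
    return {"D": store.lookup(d), "D'": store.lookup(d_prime), "D''": store.lookup(d_double)}

def receiver_check(copied_policy, claimed_origin):
    """What receiving node 106 can do with a policy copied along the way:
    compare a self-declared origin field. A manipulated copy passes identically,
    because nothing in the copy is bound to the original source node."""
    return copied_policy.get("origin") == claimed_origin
```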