A Flexible and Extensible Mass-market Applications Architecture for Optimized Location Based Services
by Dr. Sisay Chala (Fraunhofer FIT)
The GOEASY project is aimed at developing flexible and extensible mass-market application that employ signals from multi-constellation of satellites in order to provide dependable location based services (LBS). The GOEASY architecture specification adopts a component-based architectural style where the system functions are provided by a set of self-contained modules named “components”. Components communicate to each other through well-defined interfaces, which make them decoupled from each other.
With such architecture style, maximum flexibility and extensibility could be achieved since the system is not bound by certain component implementations. Instead, components could be easily replaced with new ones as long as they share the same interface. Generally speaking, a plug-in oriented architecture is being promoted within GOEASY project.
From a functional standpoint, the main components of the overall GOEASY platform are logically grouped into three main blocks: the GOEASY Privacy-aware DBMS, the GOEASY e-security Infrastructure and the GOEASY Dependable LBS.
- The GOEASY Privacy-aware DBMS stores the data provided by the users in a secure way, also providing selective, controlled access and anonymization services.
- The GOEASY e-security infrastructure provides end-to-end authentication of location information and trusted measurement and exchange of position information
- The GOEASY Dependable LBS offers innovative services based on the use or exchange of location information to promote healthier and more sustainable mobility behaviours.
From deployment point of view, on the other hand, these components shall be available on mobile devices, GOEASY cloud, and external storage and services. The GOEASY architecture specification defines how the components are deployed in these platforms and how they interact with each other. As shown in the above Picture, components deployed on mobile devices communicate with components in the GOEASY platform which, in turn, interact with external storage and services via application programming interfaces (API). The services rendered by the components of GOEASY platform are summarized as follows:
Data Access Management
Data Access Manager component provides secure access services to the data storage, i.e., it determines access permissions to the public and/or private data storage ensuring privacy services offered by the privacy aware DBMS, which provides selective, controlled access and anonymization services.
Galileo Signal Authentication and Trust Management
End-to-end position authentication integrated with identity and authentication of signals that are provided by GNSS systems. The e-security infrastructure of the GOEASY platform makes it possible to build a secure and reliable communication channel to exchange data between the GOEASY enabled apps and their twin in the cloud.
Data Anonymizer and Aggregator
Data Anonymizer and Aggregator components perform processes that ensure privacy and security of user data. As such, data in a certain geographic location are shown aggregated so that individual data are not used to indicate user density in a given location.
LBS proxy services manage requests from the GOEASY applications and from third party platforms federated with the GOEASY platform and forwards them to the specific LBS.
Communication and Synchronization
To enable and enhance the security of the communication between the mobile application and the cloud, Galileo signal authentication and trust manager implements synchronization services over secured channels.
Public Data Storage
Public data storage stores data that do not include Personal Identifiable Information (PII) on the cloud for public access, i.e., for applications that provide LBS.
Condition modeler module is in charge of processing specific criteria (e.g. air pollution) to calculate the level of air pollution for specific areas. Furthermore, considering the calculated conditions, this module must be able to calculate the “healthiest” route given 2 geographical points (departure and destination), integrating data from third party applications (e.g. AsthmaWatch data and Copernicus data).
Mobility Behavior Detection
Mobility behavior detection module is in charge of processing GNSS position data to detect the mobility pattern of a user or group of users. More specifically, this module is able to recognize the travels made by a specific user using public transportation (possibly integrating data from the municipalities or the public transportation databases).
Security services are combined transparently across different autonomous administrative domains based on common trust and technical agreements, also managing security and privacy issues related to the data flows generated by private data sources and transparently traversing different federated private/public networks. This is done by exploiting techniques to model data flows and authorization mechanisms through descriptive semantic languages, as well as access control methodologies based on open standards and leveraging on dynamic, scalable authentication and authorization mechanisms supporting multi-domain environments.