Classified data processing pipeline

Data path

• AuthN & AuthZ (enclave boundary): The system authenticates and authorises inbound data before processing it. This is the first enforcement point for “trusted producer” assumptions.
• Data source: A drone or other sensor produces raw telemetry.
• Data processing pipeline (application): The application normalises and analyses validated data. This is where the workflow makes decisions and decides what to store and what to forward.
• Database: Stores metadata and durable records needed for audit and future decisions (for example, decision history and operational state).
• External analysis (optional): If policy allows, the workflow can call external systems for additional analysis. Treat this as an enclave‑to‑external federation case and keep it explicitly controlled.
• File store: Stores large artefacts (for example, raw captures or generated outputs) that do not belong in a relational database.
• Realtime output channel: Sends time‑sensitive results to downstream consumers (for example, a command‑and‑control interface).

Platform context

This flow assumes the platform capabilities described in ACRA’s layered model:

• Control plane manages enclave and application lifecycle, updates, and status visibility.
• Platform services (for example, monitoring, logging, security scanning, and key/secret management) provide the operational layer needed to run and validate the workflow.
• System and infrastructure provide the underlying compute, networking, and storage.

This below diagram shows an example data flow on ACRA: secure ingress into an enclave, application processing, and controlled output.