- Data owners encrypt each record on premises with the Sharemind importer and upload to the Sharemind Application Server cluster.
- The Sharemind hosts cannot decrypt the data.
- Instead, Sharemind utilises secure computing technology to processes data without removing the protection.
- All intermediate and final results are also encrypted and only the user making the query can decrypt them.
- Hosts and selected third parties control what can be computed and what results can be released.
The Sharemind advantage
- Use more data in your decision making, processes or research.
- Start new businesses or services based on data that you could not access before.
- Go so far beyond data protection requirements that they may not apply anymore.
- Use the better privacy guarantees as your market advantage.
- Use Sharemind developer tools to build privacy-preserving data mining solutions that integrate with your workflow.
The CSV Importer imports a CSV formatted database or Excel spreadsheet export into a Sharemind installation. CSV Importer validates input file according to a given data model description, secret shares each individual value in the CSV input file and distributes the shares among the Sharemind Application Servers in a given installation. CSV Importer is the last step, where sensitive values are available in plaintext, and therefore the tool should be used by Data Owner.
CSV Importer supports comma-, semicolon-, tab- and space-separated input files and various data types, including automatic generation of enumeration types.
Encrypted Computing Engine (three-party secure multi-party computing)
Encrypted Computing Engine is an application server and a core component of the Sharemind platform that facilitates running secure multi-party computation programs. These programs are written in the SecreC language that separates public and encrypted data work flows.
Sharemind Encrypted Computing Engine implements secure multi-party computation protocols based on 3-party additive secret sharing. Therefore, a Sharemind deployment consists of three parties, each hosting their own Encrypted Computing Engine.
Encrypted Computing Emulator
Encrypted Computing Emulator provides the same user experience as Sharemind Encrypted Computing Engine, but emulates the secure multi-party computation protocols locally without the network communication overhead. Encrypted Computing Emulator is used for developing and testing SecreC programs before deploying them on Encrypted Computing Engine.
Encrypted Computing Emulator provides performance models for secure multi-party computation protocols, so you can evaluate the running time breakdown of you SecreC programs even before deploying them on real installation.
Add-on: Web Application Gateway
Web Application Gateway provides a HTTP/HTTPS interface for your Sharemind Encrypted Computing Engine, so you can build privacy-preserving web applications, where data is encrypted in end user's browser.
Each of the three Encrypted Computing Engines needs its own Web Application Gateway that may be deployed at the same host computer. The Web Application Gateway may also handle application-specific business logic, e.g. cache input shares and starting a secure multi-party computation periodically on larger batches of input values. Sharemind Web Application Gateway is provided as a NodeJS module.
Add-on: Encrypted Storage (Embedded HDF5)
The Encrypted Storage (Embedded HDF5) provides a persistent storage layer for the Sharemind Application Servers (Encrypted Computing Engine and Emulator). It is used to store input values and computation results, both of which may be either public or encrypted.
The Encrypted Storage add-on is based on HDF5 technology, which provides an efficient column-optimised storage of high volume data.
Add-on: Encrypted NoSQL Storage (Redis adapter)
The Encrypted NoSQL Storage (Redis adapter) provides a persistent storage layer for the Sharemind Application Servers (Encrypted Computing Engine and Emulator). It is used to store input values and computation results, both of which may be either public or encrypted.
This add-on provides an efficient key-value interface for data storage. It requires a Redis backend at each Sharemind Application Server host.
Rmind is a statistical analysis suite that works on encrypted data. Rmind supports a wide variety of data manipulation and statistical functionality, including descriptive statistics, merging (joining) data tables, aggregations, statistical models as well as visualisations. Analyst will only see statistical aggregate results, while all individual values and intermediary results will stay encrypted on the Sharemind Application Server. People who have previous experience with the R language and tools can appreciate the familiarity of Rmind data mining software.
Sharemind Client API provides the necessary tools for building custom client application for the Sharemind platform and integrating secure multi-party technology into existing information systems.
|Feature||SDK & Emulator||Academic Server||Application server|
|Target users Who is the runtime designed for?||For developers||For privacy researchers||For service providers|
|Secure computation engine Security or ease of development?||Protocol emulator||Cryptographic protocols||Cryptographic protocols|
|Application development How to make it understand me?||SecreC 2 language||SecreC 2 language||SecreC 2 language|
|Deployment options Where can I use Sharemind from?||Only within the development environment||Web, mobile, desktop, server apps||Web, mobile, desktop, server apps|
|Enterprise features Which one runs in practice?||None||None||Support for database engines and access control, best performance|
|Licensing Where do I have to sign?||Open source (GPLv3)||License from Cybernetica||License from Cybernetica|
|Pricing What will it cost?||Free||Free for research use||Server-based pricing|
|Download||Request License||Request a trial|