Sharemind HI (Hardware Isolation)
Services with end-to-end data protection
In a service powered by Sharemind, data owners encrypt their data on premises and upload them to Sharemind. The host of a Sharemind server cannot decrypt the values or learn anything from them. However, Sharemind can process the data without removing the protection or having access to confidential values. All results will be encrypted as well. This is called Computation on Encrypted Data or Runtime Encryption.
In addition, Sharemind ensures that no unauthorized query can be performed and only authorized users can provide data or see results. Logs are kept of all activities to keep track of queries and users.
Built-in confidentiality with Sharemind HI
The Sharemind HI Application Server provides an Application Programming Interface (API) for implementing privacy-preserving services using Trusted Execution Environments. Sharemind HI keeps track of applications, their authorized users and data.
Apps running on Sharemind HI use its APIs to request access to data. Sharemind HI enforces that each user can perform activities according to its roles. All accesses are controlled and logged by Sharemind HI.
A key feature of Sharemind HI is the standard library of privacy-preserving data analysis algorithms designed for use in Trusted Execution Environments with limited memory access. This feature allows Sharemind HI to support big data applications that balance privacy and performance.
Powered by Intel® SGX
Sharemind HI uses the Software Guard eXtensions (SGX) technology by Intel to create Trusted Execution Environments. Sharemind HI makes extensive use of the attestation feature provided by SGX. Sharemind HI customers can receive proofs that a server is running the correct versions of Sharemind HI and its applications.
Sharemind HI supports special enforcer clients who can enable or disable an application remotely based on information provided by Sharemind HI. This information can include the configured roles and software versions, but also audit logs.
See here for a list of solutions built using Sharemind HI.Sharemind HI Case Studies