Sharemind HI

Secure analysis based on Trusted Execution Environments.

Hardware Isolation

Sharemind HI is the right tool if you need to analyse data from multiple parties in a central place and keep the risk of a data breach to a minimum. Sharemind HI is a development platform for confidential analysis of data from different parties on a centralized server, with full control over what data and results are visible to whom. It gives data owners a way to remotely ensure that their data is used only in a way they agree upon, leveraging the Intel® Software Guard Extensions (Intel® SGX) and Trust Domain Extensions (Intel® TDX) technologies with their strong cryptographic protection.

A practical example: unencrypted health data resides solely on the user's phone, yet is simultaneously utilized in business decision-making. Sharemind HI uses special hardware support to technically enforce data protection, even against system administrators.

Sharemind HI provides all means to protect the data in transit, during processing and at rest. Sharemind HI hides most of the involved cryptography and allows the developer to focus on the functionality inside the task enclaves and on the end-user side.

Typical Use Cases

Sharemind HI is typically used in a solution in the following ways:

Batch Analysis

One or many input providers upload data. The task is invoked to perform the analytics. When the task is finished, possibly after a longer time, an output consumer downloads the results. This could be done to perform some one-off analysis, or periodically ingest pseudonymised data and create reports over the de-pseudonymised data.

Outsourcing Heavy Computations

Allow users to outsource some heavy computation on confidential data in a cloud environment, for example training machine learning models based on an individual user’s data without sharing the data or trained models with other users.

Partially Encrypted Database

Our patent-pending (patent application number 2400811.2) partially encrypted database (PEDB) solution selectively protects the sensitive fields within an existing database. Only workloads that need to process the sensitive data need to be moved to Sharemind HI, while other workloads can remain unchanged. This approach can be used to safeguard sensitive data in existing web services or, for instance, as a platform for analyzing confidential logs.

Sharemind HI can be used in different use cases. The ones shown here are common patterns that we have encountered frequently.

Safe access

Apps running on Sharemind HI use its APIs to request access to data. Sharemind HI enforces that each user can perform activities only according to their roles. All accesses are controlled and logged by Sharemind HI.

Big data applications

A key feature of Sharemind HI is the standard library of privacy-preserving data analysis algorithms designed for use in Trusted Execution Environments with limited memory access. This feature allows Sharemind HI to support big data applications that balance privacy and performance.

Enforcer clients

Sharemind HI supports special enforcer clients who can enable an application remotely based on information provided by Sharemind HI. This information can include the configured roles and software versions, but also audit logs.

Powered by Intel® SGX and Intel® TDX

Sharemind HI uses the Intel® SGX technology to create Trusted Execution Environments. Sharemind HI makes extensive use of the attestation feature provided by SGX. Sharemind HI customers can receive proofs that a server is running the correct versions of Sharemind HI and its applications. The latest version of Sharemind HI can be seamlessly integrated into existing solutions. This is achieved by incorporating Intel® TDX, which enables the deployment of hardware-isolated virtual machines (VMs) created to safeguard sensitive data and applications from unauthorized access.

Additional documents

Sharemind HI integration into UXP

Sharemind HI For Web Services White Paper

Partially Encrypted Database (PEDB) Use Cases For Identity Providers

Online Technical Documentation

References

Project CoNurse for Cognuse OÜ

Data protection impact assessment for the CoNurse mobile application

Machine learning in Trusted Execution Environment (Sharemind HI)

Point-of-Care Mobile App for voice-guided nursing procedures

Project ESTAT 2019.0232 for Eurostat

A proof-of-concept solution for the secure private processing of longitudinal Mobile Network Operator data in support of official statistics.

The technology chosen for implementation was Cybernetica's Sharemind HI, which uses a Trusted Execution Environment.

Privacy-Enhanced Business Process Model and Notation with the open source PLEAK tool was used to map the cooperation model of the Mobile Network Operator and the National Statistics Institute.

Using roaming information from telecommunication companies to help improve official tourism statistics.

Providing information on country of origin and number of roaming devices using mobile big data.

A unique solution of air-gapped, cloudless secure computing with Sharemind HI to provide privacy-preserving analytics.

Would you like to know more?

Contact our privacy technologies team:

Aiko Adamson

Head of Software Development (Privacy Technologies)

aiko.adamson@cyber.ee