Shared data computations is requested (API / User request)
A secure process (enclave) is created on the server. Its memory is encrypted at the hardware level using the Intel SGX technology. The request parameters are placed into the enclave through the call gate (encrypted with the enclave key)
Using the query parameters, the enclave process requests data from the local database
Data from the database is moved to the enclave memory through the call gate
The enclave process accesses the enclave on the side of Partner 2 and establishes a trusted encrypted channel with the Intel SGX attestation technology. Additionally, it is important to unambiguously indicate the belonging of the applied enclave to Partner 1 and confirm the authenticity of the process launched in the enclave by the time of Attestation 2.
1. The Partner 2 enclave requests a data frame from its database. In this case, the decentralized protocol contains all permissions for the verification operation by referring to a smart contract
A data frame from the Partner 2database enters the Partner 2 enclave through the call gate by encrypting the data with the enclave key
The Partner 2 enclave sends data via a trusted channel to the Partner 1 enclave
The process in the Partner 1 enclave performs the necessary computing without exposing the data to the user
The computation results are uploaded into the specified recipient system (database or service). In this case, an SSL connection to the recipient system is established inside the enclave. The data transferred from the enclave through the call gate is encrypted with the SSL session key and cannot be accessed by the server administrator
03
A Decentralized Protocol Facilitating Efficient and Trustful Collaboration with any Parties
An EOS-based decentralized protocol
Fast transactions (thousands per second)
A solution for data access consensus problems (no central hub)
Storing participant metadata
Participants` communication does not involve Aggregion employees or other arbitrators
Global user authorization
An immutable encrypted transaction log
Data from the database is moved to the enclave memory through the call gate
04
Aggregion Logical DWH
Unified semantic layer for the partners’ data
Adapters for the most common databases: RBMS, Hive, Kafka
A unified process for fast data connection
Decentralized smart contracts for access rights control
Support of structured and semi-structured data
Metadata completeness control
Any data locations: on-premise, cloud, etc.
Secure data cross-validation of data amongst partners
05
Enterprise Readiness
Ready for collaboration amongst enterprises
Trusted and secure – an enterprise - grade decentralized protocol & the Intel SGX technology
Flexible deployment options: cloud or on-premise
Kubernetes
Advanced API for any integrations
A central administration platform
SSO, Oath
Works with many enterprise data management solutions
Aggregion has implemented a solution that many in the advertising field would’ve considered impossible. The strategy of building a decentralized platform has paved the way for the use of Confidential Computing to securely manipulate data obtained from various partners. The ability to increase the efficiency of identifying the target audience and launching campaigns has a direct correlation to the retailer’s bottom-line. The ability to do this with high accuracy and speed will be a differentiator of high strategic importance to retailers. The clever use of the blockchain technology – and the definition of the execution rules within smart contracts – makes it possible to track every transaction accurately without sharing any third-party data. Aggregion came up with a platform that not only reduces the time to identify the campaign audience, but also does this in a secure manner.
Intel SGX Hardware Trusted Runtime is a big step towards solving the fundamental trust issue in the cloud. The data management platform developed by our partners Magnit and Aggregion is an excellent example of how this technology can be used for collaboration between system participants seeking to preserve the confidentiality of data and protect their intellectual property — even in the absence of trust between the parties. Even with the advanced hardware support, building secure data processing systems is still very challenging. The SCONE platform simplifies the use of secure enclaves, allowing our partners to focus on business logic while maintaining an unprecedented level of security. We are happy to share with them our experience gained over the years of securing applications and data in the cloud.
