Secure and privacy-preserving data processing.

Enable powerful, secure data processing with secure MPC. Execute complex algorithms on large datasets effortlessly, thanks to cutting-edge cryptography and innovative software design. Experience seamless computing over encrypted data with Algemetric.

The Problem

Virtually everything we do generates, consumes, or transforms data in unprecedented volumes. This growth and abundance of data brings a substantial increase in security and privacy challenges. Proactive prevention of data security malpractice and adaptation to evolving legislation is now crucial. Mitigate risk, safeguard sensitive data, and avoid potential fines and reputational damage by implementing robust, privacy-by-design data solutions.

Algemetric’s Secure Data Processing Mitigates:

The Solution: Secure MPC and Datasync

Algemetric provides a general-purpose, secure computation platform for data processing. It performs computation on protected data via a combination of four distinct security measures, including encryption. The platform employs safeguards that prevent unlawful access and the processing of personal and sensitive data, as recommended by ISO 27001 and privacy regulations such as GDPR. It is suitable for applications such as confidential computing, secure analytics, secure data transfer and machine learning over encrypted datasets, going beyond partial measures for data security and privacy by employing a unique set of data protection mechanisms at all times.

Peace of mind provided by cutting-edge technologies. 

Secure Multiparty Computation (MPC)

Data security is provided by a family of multi-party computation protocols based on threshold secret sharing, where the input data is shared across multiple parties. Each share in isolation is meaningless and the data can only be recovered upon the collection of the required number of shares. The computations are performed, without revealing information about the inputs via secure channels between parties. Rigorous security measures are implemented to ensure that no unauthorized entity can control or corrupt the shares.

M2M Identity Access Management

Our proprietary M2M IAM for authenticates, authorises, and audits communication between each component and for any communication between machines. Before the security provided by secure MPC takes place, data is protected in transit – with the added benefit of real-time, always-on auditing.

How Secure MPC + Data Sync Works

Data Sync is under the customer’s control. This is the only instance where individual data points of any kind are unprotected and therefore readable. DataSync is responsible for double encrypting data and outer layer encryption. Data that leaves the customer’s infrastructure is unreadable by any unintended recipients.

 

 

Double encrypted data is securely transmitted from the customer’s infrastructure to a secure execution environment by M2M IAM. The payload between the Data Sync and the secure environment is also encrypted with a single-use, ephemeral secret key which is generated via standard key exchange protocol. Data in transit is unreadable by non-authorized parties.

 

 

In the secure execution environment, the outer encryption layer of the data is decrypted so secure computations can be performed. Confidential, personal, or sensitive plain text data are never exposed and therefore data being processed is also unreadable for non-authorized parties.

 

 

Throughout the entire application lifecycle, unintended parties cannot gain access to any data marked by the client as confidential, personal, or sensitive information.

Securely analyse large amounts of unstructured data in near-real time. Our secure MPC + Data Sync consists of three components:

 

Data Sync (DS): Software which remains under the client’s control, provided for accessing unencrypted databases on the client side. Once data is encrypted and shared, data is double encrypted using standard cryptography and transmitted to the Obscura Secure Execution Environment.

 

Secure Execution Environment (SEE): In the virtual trusted execution environment data is kept encrypted with standard symmetric cryptography. Once computation of a particular algorithm is required, the external layer of the double encryption is decrypted, which enables computation on the inner layer of the doubled encrypted data. Plain data is never exposed throughout this process.

 

API: The component responsible for requesting, receiving, and processing results from the SEE. The API only sees requests for execution of predefined algorithms and the result of these algorithms. Communication between these three components is always protected by M2M IAM.

Monetize Your Data: Reconcile data utility, security, and privacy, and enable strategic data intelligence in a secure and privacy-preserving way. Open new revenue streams from subscription-based and on-demand services.


Move Towards Regulatory Compliance: Go beyond partial data security and privacy measures by exclusively working with encrypted data at all times. Move towards data security and privacy compliance with regulations such as GDPR, CCPA and others. 


Fortify Corporate Sovereignty: Protect your control, exclusivity, ownership, and advantages by enabling collaborations in which only aggregated data is used.


Your Data Breach Shield: Data breaches can occur for a variety of reasons including product or service malfunction, unaddressed system and architecture vulnerabilities, human error, and malicious behavior. In all cases, if a data breach occurs, only encrypted data will be exposed, giving no advantage to unauthorized parties or malicious actors.

Encrypted Data Only: Not all data is sensitive and therefore not everything must be encrypted for allowing computation on encrypted data. Work with hybrid scenarios in which different data with different purposes might be protected with distinct cryptographic tools. Possess and process encrypted data for a significant data breach risk reduction.


On-Database Computation: Overide some native operations in databases for better performance and less development complexity.


Efficient Built-in Data Encoder: Most of the data handled is fractional data. Data Sync uses a fractional encoder with better efficiency than typical high-precision techniques.

Data Synchronization: DS is deployed at the customer’s infrastructure under their control and is responsible for automatic or on-demand synchronization between the unencrypted and encrypted database on an iterative and incremental basis.


Algorithm Execution: The SEE receives algorithmic instructions from the API for execution. These algorithms are pre-approved by the customer under the scope of each particular application.


Integration with Prisma: Once results are available, Data Sync can be easily integrated with our visualisation dashboard, or exported to external visualization tools.

contact

Want more details? Contact us.

Fill in the form on the side, we will get back to you shortly.

Men talking wight someone on a notebook
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.