Cosmian Microservice Encryption is an API-based solution that executes encrypted arbitrary Python code over encrypted data in a trusted execution environment (secure enclave powered by Intel SGX©) and outputs encrypted results.
Cosmian Microservice Encryption lets you compute secret algorithms over confidential data in a zero-trust environment. It also separates roles and responsibilities concerning the algorithm, the input data, and the output results, enabling complex collaborative scenarios.
Computation Owner (CO): the participant who creates the computation, chooses the other participants, and is billed by Cosmian to use the solution.
Code Provider (CP): the participant who provides the Python code. The code is sealed and can only be unsealed inside the secure enclave before execution.
Data Provider (DP): the participant who provides data as input to the algorithm. The data are sealed and can only be unsealed inside the secure enclave before executing the code.
Result Consumer (RC): the participant who is the only one capable of unsealing the output result of the code provided by the CP.
There may be multiple data providers and multiple result consumers, all operating with their own cryptographic keys.
Note that a participant can have multiple roles, for example:
- A startup that executes algorithm on third-parties data: the startup will be the Computation Owner, the Code Provider, and the Result Consumer. The third-party will be the Data Provider.
- A startup that builds AI models will be Code Provider (AI model) and Data Provider (AI parameters). In addition, a third party will be paying for the computation as the Computation Owner. Another Data Provider can provide data to the AI, and the Result Consumer will get the results.
Use cases are very diverse, from confidential collaborative calculations to outsourcing secret computations to the public cloud:
- Machine Learning model protection in an untrusted environment
- Collaborative computations involving multiple sources of confidential data which you cannot share in clear text
- Statistical analyses over encrypted data (such as max, min, and mean)
- Pattern matching over encrypted data (Yara rules)
Your company PetsOwnTheWorld specializes in Machine Learning (ML) algorithms for image recognition, and you would like to sell the use of one of your most advanced models: Dog vs. Cat. The ML algorithm takes an image as input and outputs a label, either
cat, together with the prediction probability.
Because your ML model needed hours of training and fine-grained customization, you do not want to give it in cleartext. Instead, you would prefer to provide it as a black box so that your customer can privately send input data and privately get the output results.
Cosmian Microservice Encryption allows you to outsource your algorithm while still keeping it secret and offering the same secrecy to your customer for their data. Your customer can also distinguish who provides the input data and who gets the output results.
To better understand the security guarantees provided by Cosmian Microservice Encryption, please navigate to the Security guarantees page.