SAP SE
Secure data processing in untrusted environments

Abstract:

Aspects of the current subject matter are directed to performing privacy-preserving analytics over sensitive data without sharing plaintext data and without requiring a trusted third party. Implementations provide for utilizing a trusted execution environment within a server to compute the privacy-preserving result. Data owners via user devices send their encrypted data directly to an enclave managed by a trusted execution environment, without the server and the cloud service provider for the server seeing the plaintext data. The enclave computes the analytics directly on the data and releases the privacy-preserving result that can be ensured by code analysis and remote attestation from all parties.