By: Rusheb Shah, Software Engineer at R3
In 1671, a man named Thomas Blood almost managed to steal the Crown Jewels.
He achieved this by befriending the keeper of the jewels, Talbot Edwards. After gaining his trust, Blood convinced Edwards to let him into the Jewel House to show the jewels to Blood and his companions. Once the thieves had been let in, they knocked Edwards unconscious and took the jewels from right under his nose!
Why did Blood choose to steal the jewels in this way? What were his alternatives? He could have attempted to break into the Jewel House while the jewels were unattended. Alternatively, he could have waited until the jewels had to be moved, and attempted to steal them while they were being transported to their destination. In both scenarios, the jewels would have been under strong protection. It would have been nearly impossible to break into the Jewel House, and the jewels were likely to be guarded very closely while in transit. Instead, Blood took advantage of the trust he had gained to try to steal the jewels while they were most vulnerable: when the majority of their protection had been lifted.
Data exists in one of 3 states: at rest in local storage, in transit between two locations, and in use when it is being processed by applications. Jewels unattended in the vault are like data at rest, and jewels being transported to a new location can be thought of as data in transit. In both of these scenarios, modern encryption makes accessing the data infeasible.
When we want a third party to do something with our data, we have to decrypt it to allow them to use it. Third party services allow us to make the most of our data by providing software and hardware that lets us process it, but this comes with associated risk. Our data, like the jewels, is most vulnerable while in use.
Knowing this, how can we protect data that is in use while still allowing third parties to help us generate insight from it? Is there a way to leverage the power of cloud computing but protect our data from cloud providers? How can we ensure that the people using our data will not be able to misuse it in this vulnerable state?
What if Edwards had been able to place a secure, tamperproof barrier in front of the Crown Jewels, even while they were being viewed? What if he could have kept Blood bound to his promise that he only intended to view the jewels and nothing more?
In software, we can achieve this using secure enclaves, which create a trusted environment that is isolated from the operating system that hosts them. Enclaves can access and perform computations on data, while the data inside remains encrypted to the host operating system. We can cryptographically assert exactly what code is running inside our enclaves so we know that there will be no surprises.
Conclave is a platform that makes it possible (and easy) to develop secure enclaves in JVM languages, providing a simple solution for protecting data in use. You can find out more at conclave.net and docs.conclave.net.
Sign up for our newsletter to receive the latest R3 news, updates, and materials
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
|__cfruid||session||This cookie is set by the provider Cloudflare. This cookie is used for load balancing and for identifying trusted web traffic.|
|ARRAffinity||This cookie is set by websites that run on Windows Azure cloud platform. The cookie is used to affinitize a client to an instance of an Azure Web App.|
|cookielawinfo-checbox-analytics||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".|
|cookielawinfo-checbox-functional||11 months||The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".|
|cookielawinfo-checbox-others||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.|
|cookielawinfo-checkbox-necessary||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".|
|cookielawinfo-checkbox-performance||11 months||This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".|
|JSESSIONID||session||Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.|
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
|bcookie||2 years||This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.|
|lang||session||This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.|
|language||This cookie is used to store the language preference of the user.|
|lidc||1 day||This cookie is set by LinkedIn and used for routing.|
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
|_BUID||1 year||This cookie is used to store a universal user ID to identify the same user across multiple clients' domains.|
|_ga||2 years||This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.|
|_ga_1ECB5XX5W0||2 years||This cookie is installed by Google Analytics.|
|_gat_UA-87760032-2||1 minute||This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.|
|_gcl_au||3 months||This cookie is used by Google Analytics to understand user interaction with the website.|
|_gid||1 day||This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.|
|_hjAbsoluteSessionInProgress||30 minutes||No description available.|
|_hjFirstSeen||30 minutes||This is set by Hotjar to identify a new user’s first session. It stores a true/false value, indicating whether this was the first time Hotjar saw this user. It is used by Recording filters to identify new user sessions.|
|_hjid||1 year||This cookie is set by Hotjar. This cookie is set when the customer first lands on a page with the Hotjar script. It is used to persist the random user ID, unique to that site on the browser. This ensures that behavior in subsequent visits to the same site will be attributed to the same user ID.|
|_hjIncludedInPageviewSample||2 minutes||No description available.|
|_hjIncludedInSessionSample||2 minutes||No description available.|
|_uetsid||1 day||This cookies are used to collect analytical information about how visitors use the website. This information is used to compile report and improve site.|
|_ym_d||1 year||This domain of this cookie is owned by Yandex.Matrica. This cookie is used to store the date of the users first site session.|
|_ym_isad||20 hours||This domain of this cookie is owned by Yandex.Matrica. This cookie is used to collect information about the user like his characteristics, behaviour on page and targeted actions.|
|_ym_uid||1 year||This cookie is by Yandex.Metrica. This cookie is used to set a unique ID to the visitor and to collect information about how visitor use the website. Thus it help to track the user and the collected informationn is used to improve the site.|
|CONSENT||16 years 5 months 12 days 10 hours||These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.|
|pardot||past||The cookie is set when the visitor is logged in as a Pardot user.|
|vuid||2 years||This domain of this cookie is owned by Vimeo. This cookie is used by vimeo to collect tracking information. It sets a unique ID to embed videos to the website.|
|yabs-sid||session||These are cookies used by Yandex Matrica script belonging to the company Yandex. This cookies are used to measure and analyse the traffic of the website by giving information about how the users use the website.|
|yandexuid||1 year||This cookie is used to identify the users. This cookie collects information about how visitors use the website. This information is used for internal analysis and site optimization.|
|ymex||1 year||This cookie is set by yandex. This cookie is used to collect information about the user behaviour on the website. This information is used for website analysis and for website optimisation.|
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
|_fbp||3 months||This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.|
|anj||3 months||No description available.|
|bscookie||2 years||This cookie is a browser ID cookie set by Linked share Buttons and ad tags.|
|fr||3 months||The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.|
|i||10 years||The purpose of the cookie is not known yet.|
|IDE||1 year 24 days||Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.|
|MUID||1 year 24 days||Used by Microsoft as a unique identifier. The cookie is set by embedded Microsoft scripts. The purpose of this cookie is to synchronize the ID across many different Microsoft domains to enable user tracking.|
|NID||6 months||This cookie is used to a profile based on user's interest and display personalized ads to the users.|
|personalization_id||2 years||This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.|
|test_cookie||15 minutes||This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.|
|uuid2||3 months||This cookies is set by AppNexus. The cookies stores information that helps in distinguishing between devices and browsers. This information us used to select advertisements served by the platform and assess the performance of the advertisement and attribute payment for those advertisements.|
|VISITOR_INFO1_LIVE||5 months 27 days||This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.|
|YSC||session||This cookies is set by Youtube and is used to track the views of embedded videos.|
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
|_uetvid||1 year 24 days||No description available.|
|AnalyticsSyncHistory||1 month||No description|
|ARRAffinitySameSite||No description available.|
|bEkAYwpdRGcM||1 day||No description|
|LEAfgqMGWpwUs||1 day||No description|
|li_gc||2 years||No description|
|lpv413292||30 minutes||No description|
|metrika_enabled||session||No description available.|
|UserMatchHistory||1 month||Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.|
|visitor_id413292||10 years||No description|
|visitor_id413292-hash||10 years||No description|
|visitorId||1 year||No description|
|yt-remote-connected-devices||never||No description available.|
|yt-remote-device-id||never||No description available.|
|yuidss||1 year||No description available.|