Intro

The architectural challenge was enabling major enterprises to securely collaborate on data without disclosing it. They needed user-level operations for analytics and activation, but none could expose internal datasets. We addressed this with a decentralized design: sensitive operations executed inside TEEs, while a blockchain layer governed permissions and audit. No raw data ever moved between companies. Each organization ran its own instance on its own infrastructure, and all interaction remained client-to-client. We built the platform but were not part of the multi-party processing loop.

Confidential Data Processing Technology

The diagram shows how two parties execute a joint computation inside TEEs without exposing their underlying data. Each enclave retrieves its own permitted records, establishes an attested encrypted channel with the other enclave, and sends only the required identifiers or allowed fields. The computation runs entirely inside encrypted memory, and only the final encrypted result leaves the enclave. Neither side ever sees the other’s raw data.

1. A shared-data computation is initiated through an API or user request.
2. The server creates a secure enclave process. Its memory is hardware-encrypted (Intel SGX), and request parameters enter the enclave through the call gate, encrypted with the enclave key.
3. Using these parameters, the enclave requests the required data from the local database.
4. The local data is delivered into enclave memory through the call gate, encrypted with the enclave key.
5. The enclave then contacts Partner 2’s enclave and establishes a trusted encrypted channel via Intel SGX remote attestation. Attestation confirms both enclave identities and verifies that Partner 1’s enclave is running the expected code.
6. The Partner 2 enclave requests its own dataset according to the permissions defined in the decentralized protocol and referenced via a smart contract.
7. Partner 2’s data enters its enclave through the call gate, encrypted with the enclave key.
8. Partner 2’s enclave transmits the authorized data to Partner 1’s enclave through the trusted channel.
9. Partner 1’s enclave performs the computation, keeping all data isolated from the host environment.
10. The enclave sends the results to the designated destination system (database or service). The SSL connection is established inside the enclave; data leaving the enclave through the call gate is encrypted with the SSL session key and is not accessible to the server administrator.

Data Marketplace and Logical DWH

The diagram shows how the data marketplace operates across multiple companies. A unified semantic layer describes partner datasets in a consistent way, forming a logical data warehouse — a virtual catalog that lets participants understand what data exists without accessing the data itself. Each participant exposes descriptions of its datasets into a shared catalog, along with the terms under which those datasets may be used. Other companies discover these datasets, request access under the specified conditions, and connect their own data sources through the same marketplace layer. Approved datasets can then be combined or analyzed inside isolated DataLab environments, or exchanged peer-to-peer under controlled rules, while all underlying data remains within each company’s infrastructure.

Unified semantic layer for partner data
A common vocabulary and structural model that allows datasets from different organizations to be described, queried, and combined consistently, regardless of their internal schemas.

Adapters for common data sources (RDBMS, Hive, Kafka, etc.)
Built-in connectors that let companies link their existing storage systems directly to the platform without restructuring data or modifying their infrastructure.

Unified process for fast data onboarding
Standardized procedures for publishing datasets, defining access rules, and exposing metadata, enabling new data sources to be connected quickly and predictably.

Decentralized smart contracts for access control
Permissions and usage rules are stored on-chain, providing a tamper-resistant mechanism to govern who can request which datasets and under what conditions.

Support for structured and semi-structured data
The system handles a wide range of data formats—from relational tables to JSON-like event streams—through a single semantic interface.

Metadata completeness and consistency checks
Automated validation ensures datasets are described with sufficient detail (schemas, fields, units, lineage, etc.) to support accurate cross-company processing.

Flexible deployment across any environment
Data can remain on-premise, in private cloud, or in public cloud environments; the platform works with all locations through secure enclave connectors.

Secure cross-partner data validation
Partners can compare or validate overlapping datasets inside TEEs without revealing underlying records, ensuring data quality and correctness in joint workflows.