TripleBlind User Guide

Getting Started

This guide introduces the fundamental concepts and instructions needed to get started with TripleBlind.

Overview

Every computer operation can be described as feeding data into an algorithm to get output. Algorithms can be simple or complex, but that is how computers have operated since they were conceived. The introduction of networks and the internet didn't change this basic formula. It allowed the input data to reside further away from the CPU running the algorithm and the output to be sent to different locations. With today's network speeds, the physical storage device that holds the data is less important and often unknown to ordinary users.

While the internet didn't change the conceptual operation of computers, it did introduce new security and legal challenges. With data being transmitted over an unknown sequence of physical links and intermediate storage devices, the chances of data being intercepted or leaked have increased.

Trusting other parties to protect your interests has proven inadequate. Whether through the intentional efforts of a bad actor or the unintentional vulnerabilities introduced by trusted partners, the result is the same: sensitive data is leaked. As a result, organizations must abide by complex regulations to operate on internal data when dealing with multinational scenarios. Collaboration with others can be expensive and difficult, and in some cases virtually impossible. TripleBlind enables collaboration on sensitive data without the need to trust a 3rd party or move data.

Architecture

The TripleBlind architecture consists of two primary components: the Router and Access Points. These components work together to enable collaboration between Organizations.

Routers

The TripleBlind Router changes the architecture of collaboration by acting as the coordinator between different parties. It indexes Datasets and Algorithms but never the actual data or code to be executed. These indexes can be searched, and the Router verifies security and authentication before a calculation begins.

Access Points

An Access Point is run by each Organization that wants to participate in the TripleBlind ecosystem. The Access Point runs on a computer or cloud instance that is completely controlled by the participant. It has two primary duties:

  • Provide computational resources for joint operations
  • Act as the encryption gatekeeper to the Organization's data

Each Access Point is registered with the Router and only individuals from that Organization are able to manage the Assets it protects. However, with permission, an Access Point can establish a connection with another Access Point to execute a single operation. Each operation requires explicit permission, and once it completes the operation, the connection is closed.

Joint Operations

Regardless of the operation or technique used, an Access Point will never send an Organization's data to anyone else, guaranteeing that privacy and data residency are fully upheld. Instead, joint operations are achieved in one of two ways:

  • Fed(erated) Operation These operations "bring the program to the data." The Access Point executes the training or analysis in place. For certain operations, intermediate data is passed between Access Points, but no raw data or unaggregated data is shared. All data transmission uses industry standard SSL technologies, requiring TLS 1.2+ using SHA-256 or better cryptographic hashes, AES encryption and 2048 bit RSA keys.
  • SMPC Operation SMPC (Secure Multi-Party Computation) is a true joint operation. Neither data nor the operation is fully held by either party, resulting in mathematically guaranteed privacy of both parties.

Security and Privacy Advantages

With this architecture, data never leaves the protected environment of the owner. Data residency requirements are fully satisfied, auditability and retractability is easy, and security can be guaranteed by the data owner.

Assets

TripleBlind supports three types of Assets: Datasets, Algorithms, and Reports. Assets are stored within an Organization's Access Point and use of an Asset is fully controlled by the Organization.

Datasets

A Dataset is an Asset that represents data, such as a CSV file, a set of images, or a database query that produces a fixed view of tabular data.

For a file-based Dataset, the set of records is constant once it has been placed on your Access Point. Database-based Datasets are dynamic. The fields are always the same, but the number and content of records comes from the database at the time the Algorithm is executed. The actual data is not stored on the Access Point; only a set of instructions for connecting to the database and for extracting a data view is stored.

Datasets are positioned by the Asset Owner through the TripleBlind web interface or SDK and can be made available for use in Algorithms.

Algorithms

An Algorithm is an Asset that represents an operation, such as a trained neural network or a PMML definition of a statistical process. Algorithms are positioned by the Asset Owner through the TripleBlind SDK and can be executed using available Dataset Assets.

Reports

A Report is a special kind of Algorithm Asset that allows a Data Owner to make a specific, controlled view of a database table available to a counterparty. For more information on Report assets, see Blind Report.

Controlling Access to Assets

By default, only the owner of a Dataset or Algorithm has permission to use the Asset. The owner can grant permission to other users in the TripleBlind ecosystem to use their Asset.

Granting permission means enabling other Organizations to use your data privately to train an Algorithm or run a data analysis task. However, your data never leaves your infrastructure and is never revealed either to the Organization requesting the operation or to TripleBlind. To learn more about our secure and privacy-preserving techniques, visit đź”—tripleblind.com.

When a user outside of your Organization wants to use an Asset you own, such as a Dataset, you must explicitly grant permission for each use. TripleBlind provides a web interface for reviewing Access Requests, and for approving or denying them. You can also establish Agreements with other Organizations to automate the approval process, using the TripleBlind web interface or SDK.

User Roles

There are three primary user roles within the TripleBlind ecosystem: Organization Owners, Asset Owners, and Asset Users.

The Organization Owner is the first user account associated with a new Organization and has primary responsibility for the management of the Organization, including Access Point setup and User Administration. The Organization Owner also has access to the Audit Logs for all Assets. Other users of the system can be given permissions to handle administrative tasks, such as User Management and Agreement Management.

Asset Owners are users that position Dataset and Algorithm Assets on their Organization’s Access Point. They are typically given permission to publish Assets, and may also be given permission to grant access to Datasets, which allows them to approve Access Requests when someone wants to use an Organization Asset.

Asset Users are users that utilize Assets within their own Organization and Assets published by other Organizations. They are able to freely use Assets that exist within their own Organization. Assets from another Organization may be used only if an Asset Owner from that Organization approves the requested operation in an Access Request, or if the Organization and the Asset User have established an active Agreement that covers the use of that Asset for the requested operation.

Using TripleBlind

There are three primary modes of interacting with TripleBlind: interactively through the TripleBlind Web Interface (đź”—tripleblind.app), programmatically through the SDK, and by using the tb.py command line tool.

Web Interface and Documentation

Using the TripleBlind web interface, you can manage Organization and Account settings, explore, position, and manage Assets, and initiate Processes such as Blind Join and Blind Sample.