The WITDOM End-2-End Encryption (E2EE) component provides protection functionalities in terms of locally encrypting data in the trusted domain before storing them in the untrusted domain for the secure backup purposes.
WITDOM’s data masking component is responsible for masking sensitive data classified as direct identifiers. The masking process creates service-and-user-specific tokens that can be updated over time, satisfying two main security requirements: irreversibility and unlinkability.
WITDOM’s Integrity and Consistency Verification component protects the integrity and consistency of data outsourced to an untrusted remote storage.
License: Apache License, Version 2.0
The Secure Computation component offers data protection functionalities by means of homomorphic encryption (HE) and secure multiparty computation (MPC), thus enabling privacy preserving computation in the untrusted domain.
License: GPL 3.0
Secure Signal Processing (SSP)
WITDOM’s Secure Signal Processing (SSP) component performs secure signal processing operations on protected data and signals (encrypted, obfuscated, split or a combination thereof) in an untrusted environment, by preventing the disclosure of the sensitive information while it is being processed i
The Anonymization component is a protection component that applies anonymization techniques to the data before they are outsourced to an untrusted domain.
License: Proprietary software (EULA - End User License Agreement)
With every request to the WITDOM platform for processing of new data, the data are first transformed into the common WITDOM format (if it is not in this format already) and then stored in the WITDOM Storage for further processing.
Key Manager (KM)
The WITDOM Key Management component provides management of secrets (for example, private and public encryption keys or credentials to access the storage) that are required for operations run by protection components.
The WITDOM Identity and Access Management (IAM) component ensures that sensitive data in WITDOM is only accessible to individuals who are granted explicit entitlements to specific services, and has the ability to monitor / audit access to data and operations.
IAM license: Apache 2.0
The Protection Orchestrator (PO) coordinates several protection components and services in order to effectively protect data before they leave a trusted environment for processing or storing reasons. The PO is in charge of parsing the protection configuration of an application and applying it.