Confidential Computing: Exploring Intel’s SGX Architecture

Andy Hodgson
Nationwide Technology
Aug 10, 2021

The Challenge

Today’s financial institutions are looking to streamline their Know Your Customer (KYC) process, not only to gain efficiencies but also to improve regulatory compliance.

One of the biggest challenges banks and building societies face is the lack of standardization across the industry. Different providers or divisions ask for inconsistent documentation and information from account holders and applicants. This fragmentation leads to client dissatisfaction, increased use of intermediaries and increased cost of customer retention.

Under pressure from leaner, more responsive neo banks, retail institutions are looking at ways to effectively improve client experience to reduce account attrition.

Typically, KYC is performed with the assistance of credit agencies who broker customers’ personally identifiable information between financial organizations to limit the privacy, confidentiality, reputational and financial risks. This approach is both costly and ineffective, adding an extra layer of bureaucracy and an over-reliance on manual processes, making it cumbersome and time-consuming.

As a result, some financial institutions could struggle to comply with ever-evolving regulations in the KYC arena, such as Anti-Money Laundering and Counter-Terrorism Financing legislation. Not only do new clients need to be screened, but activities need to be reviewed on a recurrent basis. Nationwide Building Society are working to achieve continuous, sustainable compliance in the most cost-effective and expeditious manner.

As a data-driven financial institution with a focus on machine intelligence, Nationwide are constantly pursuing new initiatives to work with new technologies. Nationwide recognizes the potential of insights in sensitive and restricted data and has launched multiple workstreams to explore new technologies in this field, one of which is Confidential Computing.

Digitizing KYC through improved data sharing could also eliminate the need for customers to visit a physical branch. Additionally, by building a system that shares confidential customer data (with members’ permission) directly between financial institutions, Nationwide was able to demonstrate accelerated KYC checks that could deliver a better service to customers and gain efficiencies and cost savings on their current internal processes. There would also be the potential to lower the cost of compliance checks by reducing reliance on third-party credit agencies.

Nationwide accomplished this through Confidential Computing techniques that support machine learning and computation on third-party sensitive datasets. This provides a solution for privacy and confidentiality challenges, while attestation techniques assure the integrity of the algorithms. This potentially opens the door to new ways of performing initial and ongoing KYC checks.

Confidential Computing & Nationwide

As Nationwide embarked on a proof of concept to explore machine learning on encrypted datasets, initial efforts focused on building a shared database using homomorphic encryption. The proof of concept encrypted database worked as expected; however, the performance of the queries when working with production data and real-world customer journeys became a concern.

Nationwide refocused the Proof of Concept on the potential offered by Confidential Computing powered by Intel® Software Guard Extensions (Intel® SGX) technology available in the Intel® Xeon® E family of processors. Intel® SGX offers hardware-based memory encryption that isolates specific application code and data in memory. Intel® SGX allows user-level code to allocate private regions of memory, called enclaves, which are designed to be protected from processes running at higher privilege levels.

A proof of concept built on Intel® SGX was developed that allowed encrypted datasets to be decrypted safely inside of an enclave. This alternative technology approach offered far better scalability than the homomorphic encryption approach. Although the Intel® Xeon® E family of processors has a relatively small enclave size requiring the application to swap in and out of the enclave, Intel® SGX was quick and responsive, while data was fully encrypted to maintain confidentiality of the ‘shared’ datasets. During testing, it was shown that partners were able to inspect the various functions inside the SGX enclave and confirm access was properly protected — but that the raw data itself remained encrypted and inaccessible to other partners sharing information via the platform.

Closing Remarks

The KYC Proof of Concept has served as a launchpad for Confidential Computing powered by Intel® SGX within Nationwide. It has helped to clarify the potential of secure enclaves, and how they can be used to create more secure data sharing opportunities with third parties. There are also potential applications for using Intel® SGX-protected data sharing to help detect and reduce fraud, in Anti-Money Laundering for example. Similarly, data shared in the Confidential Computing enclave may be used to build more accurate profiles for each customer, allowing Nationwide to tailor offers and promotions or to use deeper, more accurate insights to develop new products and services.

During the project, the Software Engineering Proof of Concepts team built a collection of code libraries that utilize SGX, with the aspiration that these are made available to other in-house development teams to be integrated into other projects quickly and easily whenever they are needed, providing the potential for newer value-added services for Nationwide.

SGX technology continues to mature and adapt to the changing needs of industry. With the release of the new 3rd Generation family of Intel® Xeon® CPUs, there are even more potential opportunities.

“3rd Generation Intel® Xeon® Scalable systems from Intel are really interesting to us from a proof of concept perspective. Something we realized on the earlier silicon was that there were concerns about how it would perform at scale, due to the need to shift data in and out of the enclaves because of their limited size. Being able to throttle that size up to 1 terabyte on this new generation of processor has the potential to address those concerns, as well as opening up some exciting new use cases that we want to talk to the business about.”
- Andy Hodgson, Head of Software Engineering Proof of Concepts at Nationwide

With stakeholder buy-in, Intel® SGX has the potential to radically change the way that the financial sector accesses and shares data about customers. With end-to-end encryption and robust confidentiality, banks can begin to build services that help them to meet their compliance obligations without degrading the customer experience.

For a closer look at what Nationwide’s Proof of Concepts team were doing in this space, check out this short film…
