Additional data security and privacy measures
Apart from FHE and Federated learning PrivateAI has already implemented additional security measures to support the highest level of user safety when using the product
- Encryption methods: PrivateAI utilizes RSA encryption, which is an asymmetric cryptographic algorithm. It involves a pair of keys: a public key for encryption and a private key for decryption. This ensures that sensitive data can be securely encrypted using the public key and only decrypted by the authorized recipient who possesses the corresponding private key. This method is fundamental in ensuring data confidentiality and integrity. In addition to RSA, PrivateAI employs multikey encryption techniques. This allows a file to be encrypted in such a way that it can be decrypted by any of several private keys. This approach enables secure access for multiple authorized recipients without compromising the confidentiality of the data.
- Methods for secure communication between users and servers: For secure communication between the application client and backend servers, PrivateAI uses the HTTPS protocol. HTTPS encrypts data during transmission using SSL/TLSprotocols. These certificates authenticate the identity of the server and establish a secure connection between the client and server. HTTPS encryption ensures that data exchanged between the client and server remains confidential and protected from eavesdropping or tampering.
- Secure backend communication: For transferring data between backend systems, storage solutions, and AI servers, PrivateAI employs the SFTP. SFTP provides a secure channel over SSH for file transfer, offering encryption, authentication, and data integrity. This protocol ensures that data exchanges within the infrastructure are protected against unauthorized access and tampering.
- CORS Policy: To control and restrict cross-origin requests, PrivateAI implements a CORS policy. CORS is a security feature implemented by web browsers to prevent malicious websites from accessing resources on a different origin. PrivateAI configures CORS headers on its servers to specify which origins, HTTP methods, and headers are allowed to access its resources.