Aggregion suspended all operations in Russia. Learn more

Technical Architecture


Structure Overview

DataLabs & CleanRoom

  • Datalab
  • CleanRoom
  • P2P
  • BI
An end-to-end process for building and running models with joint data in a single secure environment
Learn More

Customer Data Platform & Communications

  • Customer ID and profile
  • Consent management
  • Audience and campaign management
  • Customer insights
Expand your audience and realize upselling opportunities through mutually beneficial data cooperations
Learn More

Loyalty Management

  • Customer surveys
  • Coupons
  • Points processing
Ask, engage and reward your customers using
the enriched knowledge
Learn More
Logical Serverless DW
Confidential computing protocol
Data sources

Confidential Data Processing Technology

  1. Shared data computations is requested (API / User request)
  2. A secure process (enclave) is created on the server. Its memory is encrypted at the hardware level using the Intel SGX technology. The request parameters are placed into the enclave through
    the call gate (encrypted with the enclave key)
  3. Using the query parameters, the enclave process requests data from
    the local database
  4. Data from the database is moved to the enclave memory through the call gate
  5. The enclave process accesses the enclave on the side of Partner 2 and establishes a trusted encrypted channel with the Intel SGX attestation technology. Additionally, it is important to unambiguously indicate the belonging of the applied enclave to Partner 1 and confirm the authenticity of the process launched in the enclave by the time of Attestation 2.
  6. 1.   The Partner 2 enclave requests a data frame from its database.
    In this case, the decentralized protocol contains all permissions for the verification operation by referring to a smart contract
  7. A data frame from the Partner 2database enters the Partner 2 enclave through the call gate by encrypting the data with the enclave key
  8. The Partner 2 enclave sends data via a trusted channel to the Partner 1 enclave
  9. The process in the Partner 1 enclave performs the necessary computing without exposing the data to the user
  10. The computation results are uploaded into the specified recipient system (database or service).
    In this case, an SSL connection to the recipient system is established inside the enclave.
    The data transferred from the enclave through the call gate is encrypted with the SSL session key and cannot be accessed by the server administrator

A Decentralized Protocol Facilitating Efficient
and Trustful Collaboration with any Parties

  1. An EOS-based decentralized protocol
  2. Fast transactions (thousands per second)
  3. A solution for data access consensus problems (no central hub)
  4. Storing participant metadata
  5. Participants` communication does not involve Aggregion employees or other arbitrators
  6. Global user authorization
  7. An immutable encrypted transaction log
  8. Data from the database is moved to the enclave memory through the call gate

Aggregion Logical DWH

Unified semantic layer
for the partners’ data

Adapters for the most common databases: RBMS, Hive, Kafka

A unified process for fast data

Decentralized smart contracts for access rights control

Support of structured
and semi-structured data

Metadata completeness control

Any data locations: on-premise, cloud, etc.

Secure data cross-validation of data amongst partners


Enterprise Readiness

Ready for collaboration amongst enterprises

  • Trusted and secure – an enterprise - grade decentralized protocol
    & the Intel SGX technology
  • Flexible deployment options: cloud or on-premise
  • Kubernetes
  • Advanced API for any integrations
  • A central administration platform
  • SSO, Oath
  • Works with many enterprise data management solutions
Aggregion has implemented a solution that many in the advertising field would’ve considered impossible. The strategy of building a decentralized platform has paved the way for the use of Confidential Computing to securely manipulate data obtained from various partners. The ability to increase the efficiency of identifying the target audience and launching campaigns has a direct correlation to the retailer’s bottom-line. The ability to do this with high accuracy and speed will be a differentiator of high strategic importance to retailers. The clever use of the blockchain technology – and the definition of the execution rules within smart contracts – makes it possible to track every transaction accurately without sharing any third-party data. Aggregion came up with a platform that not only reduces the time to identify the campaign audience, but also does this in a secure manner.
Intel SGX Hardware Trusted Runtime is a big step towards solving the fundamental trust issue in the cloud. The data management platform developed by our partners Magnit and Aggregion is an excellent example of how this technology can be used for collaboration between system participants seeking to preserve the confidentiality of data and protect their intellectual property — even in the absence of trust between the parties. Even with the advanced hardware support, building secure data processing systems is still very challenging. The SCONE platform simplifies the use of secure enclaves, allowing our partners to focus on business logic while maintaining an unprecedented level of security. We are happy to share with them our experience gained over the years of securing applications and data in the cloud.

Ready to Give Aggregion a Try?

Realize Your Data Collaboration Opportunities
Contact Us