Frequently Asked Questions

Confidential computing is an approach focused on helping to secure data in use. The efforts can enable encrypted data to be processed in memory while lowering the risk of exposing it to the rest of the system, thereby reducing the potential for sensitive data to be exposed while providing a higher degree of control and transparency for users.

At the core of confidential computing is an isolated, hardware-based Trusted Execution Environment (TEE) where trusted software can access confidential data. Data is only released to the TEE for decryption & processing when authorized by the owner's key. The TEE can be verified through a process called attestation, which helps assure users their TEE is genuine and correctly configured.

A trusted execution environment (TEE) is a secure area of a main processor. It protects code and data loaded inside with respect to confidentiality and integrity. Data integrity—prevents unauthorized entities from altering data when any entity outside the TEE processes data, Code integrity—the code in the TEE cannot be replaced or modified by unauthorized entities.

Attestation of a Trusted Execution Environment (TEE) is the dynamic measuring of the health of the isolated execution technology and is based on building a trust chain from the manufacturer to the last power cycle of the device.

Intel Tiber Trust Authority is a Zero Trust attestation SaaS that verifies the trustworthiness of compute assets in the cloud. Intel Tiber Trust Authority attests to the validity of Intel Confidential Computing environments, also known as Trusted Execution Environments (TEEs).

Intel Tiber Trust Authority is now free to use for customers using TEEs on select cloud service providers. US and European customers can visit the customer portal for more information on how to get started.

If you are interested in an extended support agreement for Intel Tiber Trust Authority, please contact an Intel representative.

CSP: Azure, Google Cloud, and IBM Cloud.

ISV: Thales, Proximus.

Get started with these steps:

· Sign in to the customer portal to obtain an API key.

o US Customers: https://portal.trustauthority.intel.com/

o EU Customers: https://portal.eu.trustauthority.intel.com/

Download instructions from the portal.

Intel Tiber Trust Authority offers an operator-independent attestation service that helps provide end users with confidence that the TEE provided by the CSP is trustworthy. End users can encrypt their application and not release the decryption key, nor decrypt it, until the attestation token is received. End users can maintain their own KMS on-prem or depend on CSP-provided key vaults, such as Azure Key Vault, to manage these encryption and decryption keys. Therefore, KMS is an integral part of the customer solution, and Intel Tiber Trust Authority is designed to interoperate with it.

Intel followed its Security Development Lifecycle (SDL) when developing Intel Tiber Trust Authority. Before we deliver products to our customers, we apply rigorous testing and offensive research, scouring code for potential security vulnerabilities. But we don’t stop with our own assessment. We work with the best in the business—whether that’s a top university, a major technology vendor, or even a group of elite hackers to put our products to the test.

Intel Tiber Trust Authority has achieved ISO 27001:2022 certification. The Confidential Computing attestation service is committed to delivering best practices in security controls, information technology and cybersecurity to our clients and their customers. For more information: https://www.intel.com/content/www/us/en/quality/corporate-certifications/directory.html.