There exists a need to aggregate data and information possessed by financial institutions across multiple institutions for analytical calculation. For example, the financial statements of different financial institutions can be aggregated for auditing, comparison, or calculation of overall statistics. Such analyses are also expected to be promoted further in the interest of public order, for example to reveal the management condition of financial institutions and to prevent financial risk.
Financial institutions would be willing to disclose their data to a limited extent if the analytical calculation were carried out by a trusted institution. The Financial Services Agency of Japan or the Federal Reserve Bank of the United States would represent such a trusted institution, but an official organization incurs enormous costs for connection, operation, and maintenance. In addition, even a trusted institution cannot completely eliminate the risk of information leakage in the first place.
To have a financial institution consent to disclose proprietary data when it has some reason to keep the data confidential, sufficient attention has to be paid to security for preventing information leakage. Also, certain financial data, such as position data and loss calculation models, are often regarded as management know-how that financial institutions are reluctant to reveal to competitors.
Many institutions, however, consider it acceptable to reveal their data as long as the original proprietary data is kept confidential, or the source of the original data remains hidden. Moreover, to save the cost of storing data themselves, they would often prefer to outsource data storage if confidentiality can be maintained.
As an example, even when the aggregate statistic is only a simple average of data possessed by two financial institutions, the parties involved sometimes require only that the data be kept in consolidated form, because neither institution would dare to leak the other's information while wanting its own information kept confidential.
Published Unexamined Japanese Patent Application No. 2006-301849 discloses a technique that securely stores generated electronic information by dividing and distributing the information at multiple storage locations instead of localized storage, deletes the original electronic information residing in an internal storage, and assembles all the distributed information to reconstruct the original information.
This technique provides some benefit in terms of preventing information leakage by a malicious party and securely managing data. The technique, however, is based on the premise that correct processing is performed for the distributed storage of data. In addition, the amount of stored data, including the redundancy needed for reconstruction, increases in proportion to the number of storages. The concept of the technique is to avoid localized management of data and to confine any possible source of leakage to the distributed data, but it gives an entity that performs actions with or on the data (an action entity) no freedom over the overall process, and it relies on a centralized mechanism.
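The split-store-reconstruct idea of the technique described above, and the two-institution averaging of the earlier paragraph, as an added illustration (this is not the cited technique's own method or code): additive secret sharing modulo 2^64, in which every storage location holds one full-size share, all shares are required for reconstruction, and an average can be computed from per-location share sums without reconstructing any individual institution's amount. The modulus, function names, and sample amounts are assumptions chosen for this example.

```python
import secrets

# Modulus for the additive shares; 2**64 is an assumption chosen for this example.
MOD = 2 ** 64


def split(value, n):
    """Split a signed integer amount (e.g. in minor currency units) into n additive
    shares modulo MOD. Each share alone is uniformly random, so one storage
    location learns nothing; every share is needed for reconstruction."""
    if n < 2:
        raise ValueError("at least two storage locations are required")
    shares = [secrets.randbelow(MOD) for _ in range(n - 1)]
    shares.append((value - sum(shares)) % MOD)
    return shares


def to_signed(x):
    """Map a residue modulo MOD back to a signed integer (losses may be negative)."""
    return x - MOD if x >= MOD // 2 else x


def reconstruct(shares):
    """Reassemble the original amount; with fewer than all shares the result is random."""
    return to_signed(sum(shares) % MOD)


def storage_overhead(n):
    """Bytes stored per 8-byte amount when n locations each hold a full-size share:
    the redundancy grows in proportion to the number of storages."""
    return n * 8


def aggregate_average(amounts, n):
    """Each institution splits its amount and sends share i to storage location i.
    Each location sums the shares it holds; only the n partial sums are combined,
    so the total (and the average) is revealed without reconstructing any single
    institution's amount."""
    partial_sums = [0] * n
    for amount in amounts:
        for i, share in enumerate(split(amount, n)):
            partial_sums[i] = (partial_sums[i] + share) % MOD
    total = reconstruct(partial_sums)
    return total, total / len(amounts)


if __name__ == "__main__":
    # Constructed sample: two institutions' profit/loss figures, three storage locations.
    print(aggregate_average([1500, -500], 3))  # (1000, 500.0)
```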
Shamon: A System for Distributed Mandatory Access Control, by Jonathan M. McCune, Trent Jaeger, Stefan Berger, Ramon Caceres, and Reiner Sailer, describes how virtual machines (VMs) can be employed to enforce communication flows and shows that Mandatory Access Control (MAC) is a practicable, general technique.