We Patented the First end-to-end Encrypted VPS Using TEE

We’re thrilled to announce that we just filed a groundbreaking patent on Trusted Execution Environment (TEE) powered Visual Positioning Systems (VPS). But before digging into the details of how the system works, let’s discuss why we need this technology.

 

We’re on the cusp of the Physical AI era, with powerful drivers such as Large Geo-Spatial Models (LGMs) — the spatial understanding counterparts of LLMs — Smart Glasses, and Robots consuming and producing unprecedented quantities of spatial data. Visual Positioning Systems (VPS) are at the center of this revolution. Devices and robots need to process visual data to precisely understand their location in space, with precision requirements that go well beyond what can be achieved with a simple GPS. While this creates a trillion-dollar market opportunity for the operators of the Physical AI space, it also poses severe risks in terms of privacy for the end user.

In this new era, where Smart Glasses and Robots use visual data to understand their location in space, end users are potentially inside a Digital Panopticon where their Smart Glasses continuously stream their first-person point of view (POV) while Robots cover third-person POV. These privacy violation risks are even more apparent in cases where data is not processed on-edge by devices but sent to single or multiple remote servers. Even decentralized solutions, spreading the data among multiple servers instead of a single centralized one, do not solve the issue. In fact, while a single server represents a larger honey-pot for an attacker and a bigger incentive for the operator of the service to misbehave, smaller and more geographically spread operators offer no additional guarantees in terms of either security or the reliability of the actor operating the server.

In this scenario, it’s paramount that we move from a “Don’t be Evil” to a “Can’t be Evil” paradigm, similar to what happens with end-to-end encryption in messaging Apps where the App developer and/or server maintainer cannot decrypt the content of the messages, even if malicious or forced by a government to reveal the content.

In the case of VPS, the implementation of such a privacy-by-design solution is much more complex since it requires the application of powerful AI models on large datasets of images and 3D maps, not merely encryption on text messages exchanged peer-to-peer.

 

Approaches to End-to-End Encryption in VPS

There are two approaches that can be used to obtain end-to-end encryption in a VPS pipeline: Fully Homomorphic Encryption (FHE) or Trusted Execution Environment (TEE).

FHE is a sophisticated form of encryption that allows computations to be performed directly on encrypted data without needing to decrypt it first. This would allow the user of a VPS service to send encrypted data and receive encrypted data as a response, all without the VPS service operator being able to extract any information about the user’s camera stream and position in space. The problem with FHE is that it is computationally very intensive compared to traditional computation, thus it introduces latencies that are unacceptable for a VPS re-localization service.

Trusted Execution Environments offer a solution to these latency concerns. TEE is a type of security technology that provides a secure area (enclave) within a computing system for executing code and storing sensitive data. Similarly to a Ledger Wallet or other secure hardware wallets, it also stores a private key that is impossible to extract; this private key enables secure encryption/decryption operations on data and remote attestations on the integrity of the software that is running inside the enclave. TEEs allow for an end-to-end encrypted VPS re-localization service with minimal latency overhead compared to an unencrypted computation.

 

Our Patent-Pending TEE Framework

At a high level, our patent-pending framework works as follows:

A device — Smart Glasses, Robot, Smartphone — establishes an encrypted connection with a TEE VPS Server. It encrypts the visual data it is sending to the VPS server for re-localization purposes with the public key of the TEE machine. The data is decrypted and processed inside the TEE secure hardware enclave. The output, with the exact position and bearing of the device in space, is encrypted with the public key of the device before leaving the TEE enclave. Finally, it is sent to the device for decryption and utilization (e.g., updating an augmented reality overlay or guiding robotic navigation).

This framework ensures end-to-end encryption between the device sharing visual data and the machine elaborating the data and sending back the coordinates of the device. Moreover, computations happening inside the TEE cannot be externally accessed, not even with physical attacks. Even if the TEE machine is operated by a malicious actor, they will be unable to extract any information about the user.

Yet, this is just a part of the equation. Up to here, we have only ensured that data cannot be leaked during transmission between the requesting device and the VPS remote server, and that the VPS computation inside the enclave cannot be externally accessed. We need an additional fundamental guarantee: the integrity of the software running inside the TEE VPS server. The device needs to be able to independently verify that the software running inside the enclave (VPS Software) is not malicious (i.e., is not leaking user data) and is exactly the one that has been declared by the VPS Service provider. To achieve that, the system is engineered to allow the user device to request a Remote Attestation Quote from the TEE Server. This is a cryptographic proof that allows the device to obtain a mathematical guarantee of equivalence between the VPS Software running inside the TEE enclave and the VPS Software declared by the VPS Service provider.

 

The Future of Privacy in VPS

As Vitalik Buterin brilliantly stated in one of his blog posts from 2016: “Cryptography is truly special in the 21st century because cryptography is one of the very few fields where adversarial conflict continues to heavily favor the defender. Castles are far easier to destroy than build, islands are defendable but can still be attacked, but an average person’s ECC keys are secure enough to resist even state-level actors. Cypherpunk philosophy is fundamentally about leveraging this precious asymmetry…”

Applying cryptography to VPS technology leverages this precious defensive asymmetry to protect individuals from malicious corporations and state actors. We should make privacy the default for all VPS frameworks. At OVER, we’re fully committed to building for a future where individuals’ data and efforts are not farmed by corporations or spied on by nation states. Guided by this vision, we’ll be the first end-to-end encrypted VPS service operator.