MongoDB’s Client-Side FLE supports KMIP-enabled Key Provider

MongoDB released one of the most anticipated features of Client-Side Field Level Encryption (FLE): Client-Side FLE support for any KMIP-compliant key provider.

Client-Side FLE delivers the strongest privacy and security controls. MongoDB drivers encrypt the sensitive fields in your documents before they leave the application. Client-Side FLE allows customers to:

  1. Protect data while being transmitted, at rest and in use. The database never sees plaintext, but data remains queryable.

  2. Make data unreadable to anyone running the database for you, or who has access to the underlying database infrastructure

  3. Simplify the process of enforcing right to erasure (sometimes called right to be forgotten) mandates in modern privacy regulations such as the GDPR or the CCPA. This is because you simply destroy the key encrypting a user’s PII, and their data is rendered unreadable and unrecoverable — in memory, at rest, in backups, and in logs

KMIP is a standardized protocol that allows services and applications to perform cryptographic operations such as key management, certificate signing, encryption and more. KMIP defines how key management operations and data should be exchanged between client and servers. Now, MongoDB Client-Side Field Level Encryption supports any KMIP-enabled key provider, so customers can benefit in the following ways:

  • Customers can use any key provider that is KMIP-enabled, in addition to the key management services provided by major cloud providers like AWS, Google Cloud, and Azure.

  • Customers can use their own custom in-house key management solution that is KMIP-enabled.

The following is the illustration of the query flow submitted by an authenticated client using FLE.

”

In this example let us assume we are retrieving a user’s record by their SSN number:

  1. When the application submits the query, the MongoDB driver first analyzes it to determine if any encrypted fields are involved in the filter.

  2. Recognizing that the query is against an encrypted field, the driver requests the key encryption key from the KMIP-enabled key provider. The key provider returns the keys to the MongoDB driver and encrypts the key fields such as SSN # in this example.

  3. The driver submits the query to the MongoDB server with the encrypted fields rendered as ciphertext.

  4. The MongoDB server returns the encrypted results of the query to the driver.

  5. The query results are decrypted with the keys held by the driver, and returned to the authenticated client as readable plaintext.

For more information on Field Level Encryption and Atlas Security Controls, refer to the following resources:

← Previous

Catalysr and MongoDB Team to Support Migrant Entrepreneurs

Imagine what it’s like to not only be a migrant in a brand new country, but also to have a revolutionary idea inside your head, and soon realize that you have no idea how to go about putting that idea into action. Thankfully, for migrants in Australia, Catalysr is designed specifically for you. Catalysr is a startup incubator for early stage startups, with entrepreneurship programs for high-performing migrant and refugee entrepreneurs (or as Catalysr calls them - ‘migrapreneurs’) who want to find success in Australia by building their very own tech company. The company is designed for those with fresh ideas and are ready to take on a big challenge in order to bring those very ideas to life. Since its inception in 2015, Catalysr has supported over 520 migrapreneurs, 175+ businesses, and its community includes over 1200 professionals, advisors, and investors. The MongoDB for Startups team was excited to team up with Catalysr to support their mission and startups. Built with MongoDB spoke with Devarshi Desai, Community Manager at Catalysr, to discuss the challenges migrants in Australia face, the different programs the company offers, and where he sees the community at Catalysr heading in the future. Built with MongoDB: What is Catalysr all about? Devarshi Desai: Catalysr is a startup incubator for international students, migrants, and refugees in Australia. When people come to Australia, they may not have all the connections that they had back in their own country, or they don’t know how businesses work in their new country of residence. That is one of the problems we want to solve, to make it accessible for migrants to start businesses in Australia. We do that through two different programs, the pre-accelerator program and the accelerate program. Built with MongoDB: Can you explain the differences between the two programs you mentioned? Devarshi Desai: The pre-accelerator program is more of an educational program, as in, it’s great that you want to build a startup, but there are the things that you need to know to make sure that you can start your startup the right way. A lot of times, it’s simple things, such as getting validation of the problem or solution before building a product. That’s one mistake that we see a lot of founders make, just because they think they have this great solution, they go on and build that solution, but it might not be the best way to do it. The pre-accelerator program makes sure that the solution is shaped to best execute, it’s for very early stage founders that want to learn how to best execute their idea. We launched the pre-accelerator program all across Australia in 2021, before that it was primarily in Melbourne and Sydney. We organise Community sessions every week, where founders can meet each other, and they can interact, learn and discuss some of the things that they have learned that specific week. The Community part of it is really important. The accelerate program is for startups that are slightly more advanced, those who have launched, they obviously want to grow and scale, and the program steps in and has them meet with investors, and just have those first conversations about what investors are looking for. It’s preparing them for the next journey. Built with MongoDB: What specific challenges do migrant and refugee entrepreneurs face? Devarshi Desai: For a lot of international students and migrants, it can be very difficult to land their first job in Australia, for various reasons. So after brainstorming some ideas, Catalysr co-founders, Usman Iftikhar and Jacob Muller decided to help migrants start their own businesses in Australia. When you come to a new country, they may not know anything about your culture, or who you are, so how do you build that trust, build that connection? So we try to help them learn these things, all the basic stuff that they need to know in Australia if they want to start a business. Built with MongoDB: What is the acceptance process like for each program? Devarshi Desai: For the pre-accelerator program, the entry criteria is quite low, because we want to make this accessible for as many people as possible. One entry point is we need somebody who is a migrant, that’s number one. They also need to have a startup idea, we don’t typically ask for much more than that, because they understand that this is a very early stage. The goal is to inspire them to solve problems that they see in the world. The accelerate program, the entry is a bit more difficult, because we only allow startups that have launched, that are validated, and who would like to scale. It’s not just an idea in their head, it’s slightly more advanced, we help them with investor meetings and networking with mentors. It also helps VC funds and angel investors who are constantly on the lookout for the next big thing, and the next startup. Built with MongoDB: Can you tell us more about your role as Community Manager? Devarshi Desai: One of the reasons why I really like my role is I believe in the power of community, and many people working together that believe in the same cause and work towards solving a problem. I also have been an international student and a migrant founder. I started recording the journey on YouTube of being an International student, and it became one of the biggest YouTube channels for international students in Australia. And out of that, we could build one of the biggest communities of international students in Australia. I am very interested in startups and solving problems for migrants, and that’s when Catalysr came in, and I realized this was perfect. I realized that it’s a cause that I would like to work for. Built with MongoDB: What does the future of Catalysr look like? Devarshi Desai: If we look at the last 30 years, the number of migrants has increased significantly all over the world. This is a trend that is going to continue. The number of people migrating to different countries and wanting to start a business is the thing we want to help them with. Currently we have programs running in Australia and New Zealand but sky's the limit. The goal would be to help migrants all over the world build startups. Built with MongoDB: What is one piece of advice that you would give to a founder or CTO? Devarshi Desai: One piece of advice that I received, and I try to remember every day is to just jump in, whether you’re prepared or not. Because when you have already started something, the pressure is on, and you most likely end up creating something out of it, rather than just thinking about it. Interested in learning more about MongoDB for Startups? Learn more about us here .

February 2, 2022
Next →

Retrieval Augmented Generation for Claim Processing: Combining MongoDB Atlas Vector Search and Large Language Models

Following up on our previous blog, AI, Vectors, and the Future of Claims Processing: Why Insurance Needs to Understand The Power of Vector Databases , we’ll pick up the conversation right where we left it. We discussed extensively how Atlas Vector Search can benefit the claim process in insurance and briefly covered Retrieval Augmented Generation (RAG) and Large Language Models (LLMs). MongoDB.local NYC Join us in person on May 2, 2024 for our keynote address, announcements, and technical sessions to help you build and deploy mission-critical applications at scale. Use Code Web50 for 50% off your ticket! Learn More One of the biggest challenges for claim adjusters is pulling and aggregating information from disparate systems and diverse data formats. PDFs of policy guidelines might be stored in a content-sharing platform, customer information locked in a legacy CRM, and claim-related pictures and voice reports in yet another tool. All of this data is not just fragmented across siloed sources and hard to find but also in formats that have been historically nearly impossible to index with traditional methods. Over the years, insurance companies have accumulated terabytes of unstructured data in their data stores but have failed to capitalize on the possibility of accessing and leveraging it to uncover business insights, deliver better customer experiences, and streamline operations. Some of our customers even admit they’re not fully aware of all the data in their archives. There’s a tremendous opportunity to leverage this unstructured data to benefit the insurer and its customers. Our image search post covered part of the solution to these challenges, opening the door to working more easily with unstructured data. RAG takes it a step further, integrating Atlas Vector Search and LLMs, thus allowing insurers to go beyond the limitations of baseline foundational models, making them context-aware by feeding them proprietary data. Figure 1 shows how the interaction works in practice: through a chat prompt, we can ask questions to the system, and the LLM returns answers to the user and shows what references it used to retrieve the information contained in the response. Great! We’ve got a nice UI, but how can we build an RAG application? Let’s open the hood and see what’s in it! Figure 1: UI of the claim adjuster RAG-powered chatbot Architecture and flow Before we start building our application, we need to ensure that our data is easily accessible and in one secure place. Operational Data Layers (ODLs) are the recommended pattern for wrangling data to create single views. This post walks the reader through the process of modernizing insurance data models with Relational Migrator, helping insurers migrate off legacy systems to create ODLs. Once the data is organized in our MongoDB collections and ready to be consumed, we can start architecting our solution. Building upon the schema developed in the image search post , we augment our documents by adding a few fields that will allow adjusters to ask more complex questions about the data and solve harder business challenges, such as resolving a claim in a fraction of the time with increased accuracy. Figure 2 shows the resulting document with two highlighted fields, “claimDescription” and its vector representation, “claimDescriptionEmbedding” . We can now create a Vector Search index on this array, a key step to facilitate retrieving the information fed to the LLM. Figure 2: document schema of the claim collection, the highlighted fields are used to retrieve the data that will be passed as context to the LLM Having prepared our data, building the RAG interaction is straightforward; refer to this GitHub repository for the implementation details. Here, we’ll just discuss the high-level architecture and the data flow, as shown in Figure 3 below: The user enters the prompt, a question in natural language. The prompt is vectorized and sent to Atlas Vector Search; similar documents are retrieved. The prompt and the retrieved documents are passed to the LLM as context. The LLM produces an answer to the user (in natural language), considering the context and the prompt. Figure 3: RAG architecture and interaction flow It is important to note how the semantics of the question are preserved throughout the different steps. The reference to “adverse weather” related accidents in the prompt is captured and passed to Atlas Vector Search, which surfaces claim documents whose claim description relates to similar concepts (e.g., rain) without needing to mention them explicitly. Finally, the LLM consumes the relevant documents to produce a context-aware question referencing rain, hail, and fire, as we’d expect based on the user's initial question. So what? To sum it all up, what’s the benefit of combining Atlas Vector Search and LLMs in a Claim Processing RAG application? Speed and accuracy: Having the data centrally organized and ready to be consumed by LLMs, adjusters can find all the necessary information in a fraction of the time. Flexibility: LLMs can answer a wide spectrum of questions, meaning applications require less upfront system design. There is no need to build custom APIs for each piece of information you’re trying to retrieve; just ask the LLM to do it for you. Natural interaction: Applications can be interrogated in plain English without programming skills or system training. Data accessibility: Insurers can finally leverage and explore unstructured data that was previously hard to access. Not just claim processing The same data model and architecture can serve additional personas and use cases within the organization: Customer Service: Operators can quickly pull customer data and answer complex questions without navigating different systems. For example, “Summarize this customer's past interactions,” “What coverages does this customer have?” or “What coverages can I recommend to this customer?” Customer self-service: Simplify your members’ experience by enabling them to ask questions themselves. For example, “My apartment is flooded. Am I covered?” or “How long do windshield repairs take on average?” Underwriting: Underwriters can quickly aggregate and summarize information, providing quotes in a fraction of the time. For example, “Summarize this customer claim history.” “I Am renewing a customer policy. What are the customer's current coverages? Pull everything related to the policy entity/customer. I need to get baseline info. Find relevant underwriting guidelines.” If you would like to discover more about Converged AI and Application Data Stores with MongoDB, take a look at the following resources: RAG for claim processing GitHub repository From Relational Databases to AI: An Insurance Data Modernization Journey Modernize your insurance data models with MongoDB and Relational Migrator

April 18, 2024