Secure Mortgage

  • Michael Gardner
    Michael Gardner
Secure Mortgage

Cape + Privacy

At Cape Privacy, we strongly believe in protecting users' data. In fact, we built a company dedicated to making that simple for any developer. We do this by extending data protection from "at rest" and "in transit", to "in use" as well. When using Cape serverless functions, you are leveraging confidential computing via simple API calls.

Secure Mortgage Demo

Any application that leverages sensitive or confidential data has a responsibility to adequately protect it, but it is often a nontrivial task. This post will highlight a simplified mortgage approval calculator to demonstrate how Cape can easily make any application more secure. You might notice we've oversimplified the traditional mortgage process (if only it were this easy) to focus on how Cape adds value, and how trivial it can be to integrate with your existing tools and workflows. The mortgage demo collects financially sensitive information, and submits it for processing to determine eligibility. Because we're using a Cape function and the Cape Javascript SDK to submit the form data, user data is automatically encrypted prior to submission. It is also transmitted over TLS until it lands within a Cape enclave for processing (which is a trusted execution environment). Processing occurs within that confidential computing environment and the response is also encrypted when returned to the caller. No special expertise or cryptography required- it's what Cape and it's SDKs handle for you by default.

The Implementation

The function we used to naively determine mortgage eligibility can be found in GitHub. You'll also find instructions to deploy the function yourself, and invoke it using the Cape CLI. We also provide a frontend web application as a demo where you can see how it might look for an end user.

Copy
import json
MIN_DOWN_PERCENTAGE = 0.05
MIN_SALARY = 0.1

def mortgage(salary, amount, down):
downPercentage = (100 _ down) / amount
salaryPercentage = (100 _ salary) / amount
if down > amount:
    return "You do not require a mortgage since you can put down more than the mortgage amount"
if downPercentage < MIN_DOWN_PERCENTAGE:
    return "You do not qualify for a mortgage. You need a down payment of at least 5 percent of the house cost."
if salaryPercentage < MIN_SALARY:
    return "You do not qualify for a mortgage. You need a salary of at least 10 percent of the house cost."
return "Congratulations! You qualify for a mortgage."` `def cape_handler(input_data):
    input_data = json.loads(input_data)
    salary = input_data["salary"]
    amount = input_data["amount"]
    down = input_data["down"]` `return mortgage(salary, amount, down)

Cape functions are written in Python and give you great flexibility in what you can implement.

Final Words

I hope that this example has demonstrated how trivial it can be to significantly enhance the security of your applications and data. In addition to protecting your users' data, confidential computing has the ability to protect IP, mitigate data leakage, and might even help with regulatory compliance. I also hope that as a developer you find it quite convenient not to have to concern yourself with many of the (very important) details around getting security right. Cape helps with that, so you can spend more time focused on code and business requirements.  And remember: what happens in Cape, stays in Cape!

Check out the Getting Started Docs to try Cape for free. We'd love to hear what you think.

Share this post