Hardware separation of users is one of the basic features of the Enigma Bridge encryption platform. While we give a number of users the same set of connection details to use in their applications (e.g., gb-1.enigmabridge.com:11180), the actual processing of their requests is done in different processors.


Each instance of the Enigma Bridge service contains a large number of separate hardware processors. These processors are assigned to customers when and as needed to provide all the computational power required to serve customers' requests.


Any exchange of data with the Enigma server is encrypted end-to-end to one of the secure hardware processors. While subsequent requests are likely to hit the same secure processor, the actual selection depends on the overall load of the Enigma Bridge service. See the picture below.


[Figure: Enigma Bridge architecture]



Our client libraries will help you create and encrypt data for the end-to-end secure channel. The encrypted data is wrapped in a simple JSON structure so we can apply business logic and route the data to the correct processing destination. Everything inside the "Enigma Bridge server" provides routing, load-balancing, fail-over, and performance monitoring. It will never see any sensitive data.

Note: The picture also mentions "PCI data" as this encryption takes everything between the channel ends out of PCI audit scope (currently the most formal security audit out there).


No two users can use a secure processor at the same time. We can also provide a complete separation of users if required.