A method and apparatus for storing data and performing logical comparisons and other operations on said data, the results of said comparisons and operations reveal only limited information about the stored data. Stored data may include, but is not limited to, confidential information such as passwords, biometric data, credit card data, personal identifiers that uniquely identify an individual, authorization levels where an entity may make a claim to have a certain level of access right or authorization, votes cast in an election, and encryption keys. Control logic within the apparatus prevents direct access to the data store other than via a restricted command interface which prevents data from being revealed. For example, operations such as checking a putative password against a password in the data store is performed by the apparatus which returns a pass or fail, but does not reveal the stored password.