DE | EN

Informational self-determination
through data filtering and masking

In the context of digital transformation, more and more data is being collected, analyzed, refined and exchanged by IT applications. Especially the exchange of data presents companies with great challenges, for example when data is collected from customers or passed on to business partners. On the one hand, legal requirements must be fulfilled, for example requirements from the European Data Protection Regulation (GDPR) such as informational self-determination. On the other hand, data exchange with business partners always represents a risk as soon as it affects sensitive, personal or business-critical data. However, to decline an exchange reduces the competitiveness of a company. To open uncontrollably is dangerous. The challenge is to strike a balance in data transfer. Data can be filtered or masked before being passed on in accordance with statutory and company regulations.

is a technical implementation of data sovereignty, which represents an essential component for informational self-determination. It is based on the IND2UCE framework for data usage control developed at Fraunhofer IESE. implements data sovereignty by monitoring or intercepting security-relevant data flows. This enables fine-grained masking and filtering of data flows at interfaces (APIs) in order to make them anonymous, for example. Compared to classical access control systems, can enforce partial filtering and masking of data, context and situation restrictions as well as restrictions on the purpose of use. Compliance with data sovereignty through changes in data flows is controlled by a set of policies. A central management interface offers an editor for creating and adapting rules at run-time. The ability to flexibly adapt data usage rules at any time ensures high maintainability and avoids unnecessary complexity in technical integration.

Key Features

consists of three core functions: Enforcement, Policies, and Management.
Informational Self-determination with MYDATA Control Technologies
  • Enforcement: offers control points for the enforcement of usage policies, which can be easily integrated into target systems. These can filter and mask information at data interfaces. In addition, offers the possibility to perform actions using additional components, such as notification by e-mail. The functionality of the control points and action executions can be extended by means of plugins.
  • Policies: New policies (rules) for data usage can be written at runtime. Among other things, time and frequency-based uses ("Data may only be used 5 times within a day"), situation-based uses ("Sensitive data may not be viewed on business trips") and masked uses ("For the PSD2 service provider, the middle 12 digits of the IBAN are replaced by an X") can be specified.
  • Management: combines the administration of data sovereignty requirements and technical components in a central administration interface.

Key Advantages

  • Central services for managing and controlling data flows at runtime
  • Extension possibilities through plugin concept
  • Uniformity in the implementation of data sovereignty
  • Easy integration into existing systems
  • Flexible set of rules for mapping data sovereignty requirements
  • Context and situational restrictions

Examples

Data exchange between companies

Data exchange between companies

Many companies see enormous potential - but also risks - in the collection, analysis and exchange of a wide variety of data. For example, if a supplier wants to notify a company of an imminent delivery bottleneck, this information should not be published or disseminated in an uncontrolled manner. In this case can ensure that the use is limited in time and only by an authorized group of persons.

Data release for banking according to PSD2

Data release for banking according to PSD2

The EU Directive PSD2 (Payment Services Directive) regulates, among other things, participation in the payment industry by non-banks. External companies can gain access to transaction and customer data in order to offer the bank customer added value. PSD2 interfaces with offer the bank customer informational self-determination when using data by third parties. The bank customer determines which transaction data is issued to external companies. For this purpose, the data can be filtered and masked with - creating more trust by strengthening the data sovereignty of bank customers.

Smart rural areas

Smart rural areas

Digitization is progressing steadily, even in rural areas. To this end, the new Digital Villages Platform (www.digitale-doerfer.de) is currently under development. This enables communities to offer digital services to citizens that make their lives easier. An example of this is a pick-up service. Citizens can ask others to deliver goods from the regional trade to your front door. This request is publicly visible. protects the privacy of citizens. Further details about the delivery, such as the exact delivery address, are only displayed to the supplier. If the delivered person is not at home, he can determine a secret storage location. However, the supplier can only see this on his smartphone if he is in the immediate vicinity of the place of delivery. uses contextual information, such as the supplier's location, to control the use of the data.

Our Services

In addition to the software solution itself, we offer consulting and integration services:

Potential analysis

Potential analysis

Would you like to find out which applications offers to protect your data? We would be pleased to organize a workshop together with you and develop application scenarios for data sovereignty in your company with .

Piloting

Piloting

Would you like to test in your company? Our developers will be happy to support you with a proof-of-concept implementation in your company context.

Developer Support

Developer Support

Would you like support in integrating into your system, in developing your own plug-ins or in specifying usage rules for your application cases? Our experts will be pleased to support you in solving your individual challenges.

Our Products

Got curious? Learn more in our documentation and start directly!

Office Plugins

About us

We are an interdisciplinary team of computer science researchers, developers, software architects, security and UX experts. Since 2008, Fraunhofer IESE is working on data usage control and IND2UCE, following the Fraunhofer principle to forge the future. Overall, we accomplished more than 10 research projects, closely tied to industry.

Contact Us

If you have any question or you want to try our software please do not hesitate to contact us via mail, phone, fax or contact form.