DE | EN

Informational self-determination
through data filtering and masking

In the context of digital transformation, more and more data is being collected, analyzed, refined and exchanged by IT applications. Especially the exchange of data presents companies with great challenges, for example when data is collected from customers or passed on to business partners. On the one hand, legal requirements must be fulfilled, for example requirements from the European Data Protection Regulation (GDPR) such as informational self-determination. On the other hand, data exchange with business partners always represents a risk as soon as it affects sensitive, personal or business-critical data. However, to decline an exchange reduces the competitiveness of a company. To open uncontrollably is dangerous. The challenge is to strike a balance in data transfer. Data can be filtered or masked before being passed on in accordance with statutory and company regulations.

MYDATA Control Technologies (MYDATA for short) is a technical implementation of data sovereignty, which represents an essential component for informational self-determination. It is based on the IND2UCE framework for data usage control developed at Fraunhofer IESE. MYDATA implements data sovereignty by monitoring or intercepting security-relevant data flows. This enables fine-grained masking and filtering of data flows at interfaces (APIs) in order to make them anonymous, for example. Compared to classical access control systems, MYDATA can enforce partial filtering and masking of data, context and situation restrictions as well as restrictions on the purpose of use. Compliance with data sovereignty through changes in data flows is controlled by a set of policies. A central management interface offers an editor for creating and adapting rules at run-time. The ability to flexibly adapt data usage rules at any time ensures high maintainability and avoids unnecessary complexity in technical integration.

Key Features

MYDATA Control Technologies consists of three core functions: Enforcement, Policies, and Management.
Informational Self-determination with MYDATA
  • MYDATA Control Enforcement: MYDATA offers control points for the enforcement of usage policies, which can be easily integrated into target systems. These can filter and mask information at data interfaces. In addition, MYDATA offers the possibility to perform actions using additional components, such as notification by e-mail. The functionality of the control points and action executions can be extended by means of plugins.
  • MYDATA Control Policies: New policies (rules) for data usage can be written at runtime. Among other things, time and frequency-based uses ("Data may only be used 5 times within a day"), situation-based uses ("Sensitive data may not be viewed on business trips") and masked uses ("For the PSD2 service provider, the middle 12 digits of the IBAN are replaced by an X") can be specified.
  • MYDATA Control Management: MYDATA combines the administration of data sovereignty requirements and technical components in a central administration interface.

Key Advantages

  • Central services for managing and controlling data flows at runtime
  • Extension possibilities through plugin concept
  • Uniformity in the implementation of data sovereignty
  • Easy integration into existing systems
  • Flexible set of rules for mapping data sovereignty requirements
  • Context and situational restrictions

Examples

Data exchange between companies

Data exchange between companies

Many companies see enormous potential - but also risks - in the collection, analysis and exchange of a wide variety of data. For example, if a supplier wants to notify a company of an imminent delivery bottleneck, this information should not be published or disseminated in an uncontrolled manner. In this case MYDATA can ensure that the use is limited in time and only by an authorized group of persons.

Data release for banking according to PSD2

Data release for banking according to PSD2

The EU Directive PSD2 (Payment Services Directive) regulates, among other things, participation in the payment industry by non-banks. External companies can gain access to transaction and customer data in order to offer the bank customer added value. PSD2 interfaces with MYDATA offer the bank customer informational self-determination when using data by third parties. The bank customer determines which transaction data is issued to external companies. For this purpose, the data can be filtered and masked with MYDATA - creating more trust by strengthening the data sovereignty of bank customers.

Smart rural areas

Smart rural areas

Digitization is progressing steadily, even in rural areas. To this end, the new Digital Villages Platform (www.digitale-doerfer.de) is currently under development. This enables communities to offer digital services to citizens that make their lives easier. An example of this is a pick-up service. Citizens can ask others to deliver goods from the regional trade to your front door. This request is publicly visible. MYDATA protects the privacy of citizens. Further details about the delivery, such as the exact delivery address, are only displayed to the supplier. If the delivered person is not at home, he can determine a secret storage location. However, the supplier can only see this on his smartphone if he is in the immediate vicinity of the place of delivery. MYDATA uses contextual information, such as the supplier's location, to control the use of the data.

Our Services

In addition to the software solution itself, we offer consulting and integration services:

Potential analysis

Potential analysis

Would you like to find out which applications MYDATA offers to protect your data? We would be pleased to organize a workshop together with you and develop application scenarios for data sovereignty in your company with MYDATA.

Piloting

Piloting

Would you like to test MYDATA Control Technologies in your company? Our developers will be happy to support you with a proof-of-concept implementation in your company context.

Developer Support

Developer Support

Would you like support in integrating MYDATA into your system, in developing your own plug-ins or in specifying usage rules for your application cases? Our experts will be pleased to support you in solving your individual challenges.

Getting Started

Got curious? Learn more in our documentation and start directly!

About us

We are an interdisciplinary team of computer science researchers, developers, software architects, security and UX experts. Since 2008, Fraunhofer IESE is working on data usage control and IND2UCE, following the Fraunhofer principle to forge the future. Overall, we accomplished more than 10 research projects, closely tied to industry.

From left to right: Andreas, Arghavan, Manuel, Raj, Patrick, Patricia, Sebastian*, Robin, Denis, Christian
* Sebastian left the team in 2018

Contact Us

If you have any question or you want to try our software please do not hesitate to contact us via mail, phone, fax or contact form.

Fraunhofer IESE
Fraunhofer-Platz 1
67663 Kaiserslautern, Germany
+49 631 6800-2146
+49 631 6800-9-2146
info@mydata-control.de