Data usage control with IND²UCE

In company networks, sensitive data is continuously stored, processed, and exchanged through distributed services, processes, and employees. Assuring the security of your intellectual property or your private data goes far beyond simple access control. Even if access has been granted, you want to retain control over the use and dissemination of your digital assets. This is what we call data usage control (IND²UCE).

The idea behind data usage control is that the originator of the data must always know and be able to control what happens with their data. To enable this, data usage control extends the traditional mechanisms of access control to allow controlling data usage at runtime.

Integrated and secure implementation of data usage control is not limited to technical issues alone, however. Aiming, in particular, to align security with business processes and quality properties such as usability, our research increasingly focuses on the human factor.

Our research areas

• Possibilities to enforce data usage control
• Policy languages for describing requirements of data usage control 
• Evaluation and optimization of the usability of security solutions, in particular
  • Easy-to-use editors for specifying security policies
  • Privacy Dashboards for transparency and self-determination for end users
  • Dynamic adaptation of security rules through context sensitivity and Machine Learning
• Detection and protection of sensitive data by means of Machine Learning

1: Data exchange between businesses (B2B)

Many businesses are already recognizing an enormous potential in the collection, analysis, and exchange of a wide variety of data. However, they also see great risks in exchanging sensitive data with business partners. If, for example, a supplier wishes to inform a business about an imminent supply bottleneck, this information should not be published or disseminated in an uncontrolled manner. In such a case, MYDATA can assure that the usage has a time limit and is only available to an authorized group of people. In data exchange between businesses, there are many other requirements regarding data sovereignty that MYDATA helps to fulfill.

2: Data release for banking in accordance with PSD2 (C2B2B)

The EU directive PSD2 (Payment Services Directive) regulates, among other things, the participation of non-banks in the payment sector. This means that external businesses can get access to transaction and customer data in order to provide added value to bank customers. PSD2 interfaces with MYDATA give bank customers self-determination regarding data usage by third parties. The bank customers themselves determine which transaction data will be released to external companies. To this end, the data can be filtered and masked with MYDATA. For example: to assess a customer’s creditworthiness, monthly income and expenses are relevant, but the bank customer might not want to reveal all transaction details. Here, MYDATA creates more trust by strengthening the bank customer’s data sovereignty.

3: Digitalized rural areas (C2C)

In rural areas, digitalization is also making great strides. The Digital Villages Platform (www.digitale-doerfer.de) of Fraunhofer IESE enables municipalities and communities to offer digital services to their citizens. There is, for example, a bring-along service: Citizens can ask others to deliver goods from regional businesses to their door. By default, such requests are publicly visible. MYDATA protects the citizens’ privacy by ensuring that further details about the delivery, such as the exact delivery address, are only shown to the person making the delivery. If the person receiving the delivery is not at home, they can specify a secret drop-off location. However, the delivery person will only see this location on their smartphone when they are in the vicinity of the delivery location. For this, MYDATA uses contextual information, such as the current location of the delivery person, to control usage of the data.

4: Data loss prevention in the company itself (B2x)

For businesses, the – mostly unintentional – passing on of sensitive information is a constant threat. Often, this happens due to the carelessness of the employees and not through hackers or malicious intent. An employee sends an email to external recipients and has accidentally attached a confidential, internal Office document. To avoid such scenarios, the MYDATA Office plugins offer suitable solutions. Documents in a wide variety of formats (incl. Word, Excel, PowerPoint, PDF) can be classified according to their level of confidentiality and their usage can be controlled. For example, when attachments are to be sent, MYDATA monitors that internal documents are only sent to external recipients after their release has been explicitly approved. Confidential documents must be encrypted prior to being sent. This is how MYDATA prevents unwanted data outflows.