Since its launch in 2007, the KMU-innovativ funding initiative has met with an exceptionally positive response. The funding
approved to date amounts to over 1,266 million euros for more than 1,700 individual and collaborative projects involving around
2,900 small and medium-sized enterprises. This means that the KMU-innovativ funding initiative represents around a quarter of
the SME funding provided by the Federal Ministry of Education and Research.
The consortium of the DASOMAN funding project, led by let's dev, consisted of the following partners:
- Deutsches Forschungsinstitut für künstliche Intelligenz
- DURY Rechtsanwälte
- let’s dev GmbH & Co. KG
- Mondata GmbH
Presentation of the proposal
Big Data is changing the corporate world and society. The amount of available and generated data is constantly increasing;
worldwide, the available storage capacity rose to approximately 7235 exabytes in 2017. This is accompanied by new, technological
possibilities to manage this flood of data: High-performance computing, deep learning, "analytics at your fingertips" are no
longer just technological visions, but are increasingly being applied in all areas of business and society.
At the same time, concerns are growing on the part of consumers: Is my data secure? Who is using this data? What data is being
collected? Will this data be shared? DASOMAN aimed to create an end-to-end system approach for transparent, privacy-preserving
and secure analytics.
- Security: To prevent unwanted access by third parties, the consistent use of established cryptographic methods played
a central role in the funding project. In addition to the indispensable strong encryption of the transport layer, the project
evaluated, in consultation with the developers, which data can be stored encrypted in the backend layer without significant
loss of functionality in the application scenarios of mobile analytics and recommender systems. Integrated key management
gives the end user guaranteed control over the use of their data.
- Data Sovereignty: Through DASOMAN, consumers are given the opportunity to actively exercise control over the data
they provide and to independently review and manage it. This means that they can view the data provided at any time,
access it and delete it if they wish. In order to make an informed decision regarding the disclosure of
their own data, consumers need transparency, especially with regard to the question of whether stored data allows conclusions
to be drawn about their person (quality of anonymization).
- User acceptance/trust: Providers of apps and/or data services are often not aware of the challenges outlined. For
this reason, a software development kit (SDK) was designed that allows easy integration of the security mechanisms and
provides corresponding, configurable user interfaces for end users that both visualize the intended data use in a
user-friendly manner and give the user the option of configuring these functionalities accordingly. This includes both a
corresponding authorization concept (which institutions are allowed to use which data for which purpose, once or always?)
and a certification mechanism that proves to the app or service provider that the data is being handled in a trustworthy and
technically secure manner.
- "Big Value needs Big Data": In order to continue to enable data-driven analytics that benefit both
end users and providers of data-driven apps and cloud services, a novel concept for privacy-preserving data analytics was
developed in DASOMAN. This included both the previously mentioned aspects of security and user acceptance and APIs
for decentralized analysis of data, including on the client side. In this way, it was possible to ensure that only the data
for which the user has given consent is processed in server backends. Nevertheless, more complex analyses combining
client-side and server-side data are also made possible.
Data Sovereignty Manager
Data protection and data-based business models are compatible. Modern analytics are based on anonymized information and scale
through sovereign user data management. This results in the following core aspects:
- Data Sovereignty: Cryptographic software components allow anonymity assessments of personal data to make informed
- Data Value: Protocols and platform for maintenance, as well as interfaces to high-value customer data for
outstanding, personalized services.
- Zero Knowledge: Integration of innovative encryption techniques to protect personalized data.
The aim of the funding project is to provide end users of apps or web applications with greater transparency and decision-making
options regarding the use of their data. At the same time, data processors are to be enabled to handle user data in a legally
compliant manner. To this end, the Data Sovereignty Manager (DASOMAN) is placed between the end user and the data processor. The
service, which consists of various components, manages the end user's data and authorizations, informs the end user if the data
transmission allows conclusions to be drawn about his or her identity, and enables the end user to change user settings
accordingly. On the other hand, the data processor benefits from the use of the DASOMAN service because the data collected by
DASOMAN is transmitted anonymously in compliance with the law and at the same time the information value of the data is
The DASOMAN application supports users in the individual and sovereign configuration of data releases for applications. In the
DASOMAN funding project, methods were researched and developed that allow personal anonymity to be individually assessed before
data is uploaded in encrypted form. The applications each receive separate encrypted access to the data released by the end
Showcase Movie App
The information stream for the Showcase Movie App is shown in the figure below. The roles are DASOMAN, end user and data
user. In this example, the data user is the provider of movie reviews and is interested in transmitting personalized movie
recommendations to the end user. These are assigned various attributes, which can be used for categorization, filtering and
sorting. The end user can store his interests via the DASOMAN SDK integrated in the data processor's app and share them with the
data processor. The data is transmitted to the DASOMAN backend in encrypted form using the encryption technology used in DASOMAN
and, when released, is re-encrypted and transmitted to the data processor. The data processor can then decrypt and utilize the
data with its own key.
The app developed for the use case communicates with the 3rd party service of the data processor and receives a list of movie
recommendations through it. In the first step, these are not personalized. Through the integrated DASOMAN SDK, the end user can
view the data to be collected in the settings, set or change values himself and release each data type individually. This gives
the end user sovereignty over his data and allows him to determine which data should be transmitted and released for the data
processor. If the end user's data is released in our use case, the user data can be processed by the 3rd party service. With the
help of a recommender, personalized movie recommendations are provided for the end user in the app based on the collected user
With DASOMAN, we provide the end user with transparency about the data that the data processor wants to collect. To ensure this,
the data processor creates an app via the DASOMAN middleware and records the data attributes to be collected. In our use case,
these are attributes such as genre, actor, location, etc. The DASOMAN middleware has a convenient user interface and then
generates the necessary configuration files for the DASOMAN SDK. Signature procedures ensure authenticity and prevent subsequent
modification of the data attributes to be collected. The DASOMAN SDK then securely transfers the data to the DASOMAN backend. If
data is released by the end user, the 3rd party service of the data processor can receive, decrypt and process this data. In our
use case, personalized recommendations of movies are then transmitted to the end user via the app on the basis of the user data.
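
The signed attribute configuration and the per-attribute release described above can be sketched as follows. This is an added example in Go, not DASOMAN code: the manifest format, the function names and the choice of Ed25519 are assumptions, since the page does not name its signature scheme or file format.

```go
package main

import (
	"crypto/ed25519"
	"encoding/json"
	"fmt"
)

// Manifest is a constructed stand-in for the SDK configuration file: the
// attributes the data processor declared in the middleware.
type Manifest struct {
	App        string   `json:"app"`
	Attributes []string `json:"attributes"`
}

// SignManifest plays the middleware: serialize the manifest and sign the bytes.
func SignManifest(priv ed25519.PrivateKey, m Manifest) (raw, sig []byte, err error) {
	if raw, err = json.Marshal(m); err != nil {
		return nil, nil, err
	}
	return raw, ed25519.Sign(priv, raw), nil
}

// Releasable plays the SDK: verify the signature over the exact bytes received,
// then keep only values that are both declared in the manifest and released by
// the end user. Undeclared or unreleased attributes never leave the device.
func Releasable(pub ed25519.PublicKey, raw, sig []byte, released map[string]bool, values map[string]string) (map[string]string, error) {
	if !ed25519.Verify(pub, raw, sig) {
		return nil, fmt.Errorf("manifest rejected: signature does not verify")
	}
	var m Manifest
	if err := json.Unmarshal(raw, &m); err != nil {
		return nil, err
	}
	out := map[string]string{}
	for _, attr := range m.Attributes {
		if v, ok := values[attr]; ok && released[attr] {
			out[attr] = v
		}
	}
	return out, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil reader means crypto/rand
	raw, sig, _ := SignManifest(priv, Manifest{App: "movie-app", Attributes: []string{"genre", "actor", "location"}})
	values := map[string]string{"genre": "sci-fi", "actor": "n/a", "contacts": "..."} // constructed sample data
	out, err := Releasable(pub, raw, sig, map[string]bool{"genre": true, "contacts": true}, values)
	fmt.Println(out, err)
}
```

Only `genre` is returned here: `actor` is declared but not released, and `contacts` is released but was never declared in the signed manifest.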