Funding initiative
Since its launch in 2007, the KMU-innovativ funding initiative has met with an exceptionally positive response. The funding approved to date amounts to over 1,266 million euros for more than 1,700 individual and collaborative projects involving around 2,900 small and medium-sized enterprises. This means that the KMU-innovativ funding initiative represents around a quarter of the SME funding provided by the Federal Ministry of Education and Research.
Consortium
The consortium of the DASOMAN funding project, led by let's dev, consisted of the following partners:
- Deutsches Forschungsinstitut für künstliche Intelligenz
- DURY Rechtsanwälte
- let’s dev GmbH & Co. KG
- Mondata GmbH
Presentation of the proposal
Big Data is changing the corporate world and society. The amount of available and generated data is constantly increasing; worldwide, the available storage capacity rose to approximately 7235 exabytes in 2017. This is accompanied by new technological possibilities to manage this flood of data: high-performance computing, deep learning and "analytics at your fingertips" are no longer just technological visions, but are increasingly being applied in all areas of business and society.
At the same time, concerns are growing on the part of consumers: Is my data secure? Who is using this data? What data is being collected? Will this data be shared? DASOMAN aimed to create an end-to-end system approach for transparent, privacy-preserving and secure analytics.
- Security: To prevent unwanted access by third parties, the consistent use of established cryptographic methods played a central role in the funding project. In addition to the indispensable strong encryption of the transport layer, it was evaluated in consultation with the developers, for the application scenarios mobile analytics and recommender systems, which data can be stored encrypted in the backend layer without significant loss of functionality. Integrating key management gives the end user guaranteed control over the use of their data.
- Data Sovereignty: Through DASOMAN, the consumer is given the opportunity to actively exercise control over the data he provides and to review and manage it independently. This means that he can view the data provided at any time, access it and delete it if he wishes. To make an informed decision about disclosing their own data, consumers need transparency, especially with regard to the question of whether stored data allows conclusions to be drawn about their person (quality of anonymization).
- User acceptance/trust: Providers of apps and/or data services are often not aware of the challenges outlined. For this reason, a software development kit (SDK) was designed that allows easy integration of the security mechanisms and provides corresponding, configurable user interfaces for end users. These interfaces both visualize the intended data use in a user-friendly manner and give the user the option of configuring these functionalities accordingly. This includes both a corresponding authorization concept (which institutions are allowed to use which data for which purpose, once or always?) and a certification mechanism that proves to the app or service provider that the data is being handled in a trustworthy and technically secure manner.
- „Big Value needs Big Data“: In order to continue to enable data-driven analytics that should bring benefits to both end users and providers of data-driven apps and cloud services, a novel concept for privacy-preserving data analytics was developed in DASOMAN. This included both the previously mentioned aspects for security and user acceptance as well as APIs for the decentralized analysis of data, which can also run on the client side. In this way, it was possible to ensure that only the data for which the user has given consent is processed in server backends. Nevertheless, more complex analyses combining client-side and server-side data are also made possible.
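
The authorization concept and the consent-gated processing described in the list above, sketched as an added example (not DASOMAN's own code): a default-deny consent register keyed by institution, attribute and purpose, in which a "once" grant is consumed by the release. The class, the institution and purpose names and the profile values are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class ConsentRegister:
    """Per-user grants keyed by (institution, attribute, purpose). Default is deny."""
    grants: dict = field(default_factory=dict)  # key -> "once" | "always"

    def grant(self, institution, attribute, purpose, mode):
        if mode not in ("once", "always"):
            raise ValueError("mode must be 'once' or 'always'")
        self.grants[(institution, attribute, purpose)] = mode

    def revoke(self, institution, attribute, purpose):
        self.grants.pop((institution, attribute, purpose), None)

    def release(self, institution, purpose, record):
        """Return only the attributes this institution may use for this purpose.

        A 'once' grant is consumed by the release, so a second request for the
        same attribute is denied until the user grants it again.
        """
        released = {}
        for attribute, value in record.items():
            key = (institution, attribute, purpose)
            mode = self.grants.get(key)
            if mode is None:
                continue  # no grant: the attribute never leaves the client
            released[attribute] = value
            if mode == "once":
                del self.grants[key]
        return released


# Constructed sample profile for the movie showcase (all values hypothetical).
PROFILE = {"genre": "thriller", "actor": "Jane Doe", "location": "Berlin"}


def demo():
    reg = ConsentRegister()
    reg.grant("movie-service", "genre", "recommendation", "always")
    reg.grant("movie-service", "actor", "recommendation", "once")
    first = reg.release("movie-service", "recommendation", PROFILE)
    second = reg.release("movie-service", "recommendation", PROFILE)
    other_purpose = reg.release("movie-service", "advertising", PROFILE)
    return first, second, other_purpose


if __name__ == "__main__":
    for result in demo():
        print(result)
```

Binding each grant to a purpose means a grant for recommendations does not carry over to any other use of the same attribute.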
Data Sovereignty Manager
Data protection and data-based business models are compatible. Modern analytics are based on anonymized information and scale through sovereign user data management. This results in the following core aspects:
- Data Sovereignty: Cryptographic software components allow anonymity assessments of personal data, so that informed release decisions can be made.
- Data Value: Protocols and platform for maintenance, as well as interfaces to high-value customer data for outstanding, personalized services.
- Zero Knowledge: Integration of innovative encryption techniques to protect personalized data.
The aim of the funding project is to provide end users of apps or web applications with greater transparency and decision-making options regarding the use of their data. At the same time, data processors are to be enabled to handle user data in a legally compliant manner. To this end, the Data Sovereignty Manager (DASOMAN) is placed between the end user and the data processor. The service, which consists of various components, manages the end user's data and authorizations, informs the end user if the data transmission allows conclusions to be drawn about his or her identity, and enables the end user to change user settings accordingly. On the other hand, the data processor benefits from the use of the DASOMAN service because the data collected by DASOMAN is transmitted anonymously in compliance with the law and at the same time the information value of the data is retained.
The DASOMAN application supports users in the individual and sovereign configuration of data releases for applications. In the DASOMAN funding project, methods were researched and developed that allow personal anonymity to be individually assessed before data is uploaded in encrypted form. The applications each receive separate encrypted access to the data released by the end user.
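
One way such an anonymity assessment before upload could work, as an added example that is not the project's code: it assumes a k-anonymity-style measure (the page does not name the method used) and a reference population available to the client. All data, attribute values and function names are constructed.

```python
from itertools import combinations

# Constructed reference population of other users' released profiles
# (assumption: the client can obtain such data or aggregate counts).
POPULATION = [
    {"genre": "thriller", "actor": "A", "location": "Mainz"},
    {"genre": "thriller", "actor": "B", "location": "Berlin"},
    {"genre": "thriller", "actor": "B", "location": "Mainz"},
    {"genre": "comedy", "actor": "A", "location": "Berlin"},
    {"genre": "comedy", "actor": "C", "location": "Mainz"},
    {"genre": "thriller", "actor": "C", "location": "Berlin"},
]
USER = {"genre": "thriller", "actor": "A", "location": "Berlin"}  # constructed


def anonymity_set_size(profile, attributes, population):
    """Count population records that match `profile` on every released
    attribute, plus the user. A size of 1 means the release is unique."""
    matches = sum(
        all(rec.get(a) == profile[a] for a in attributes) for rec in population
    )
    return matches + 1


def assess_release(profile, attributes, population, k=3):
    """Verdict for one intended release: fewer than k indistinguishable users
    means the combination may allow conclusions about the person."""
    size = anonymity_set_size(profile, attributes, population)
    return {"attributes": tuple(attributes), "set_size": size, "ok": size >= k}


def largest_safe_releases(profile, population, k=3):
    """Maximal attribute subsets that keep the user in a set of at least k."""
    attrs = sorted(profile)
    safe = [
        set(combo)
        for n in range(1, len(attrs) + 1)
        for combo in combinations(attrs, n)
        if anonymity_set_size(profile, combo, population) >= k
    ]
    # Drop subsets that are strictly contained in another safe subset.
    return [sorted(s) for s in safe if not any(s < t for t in safe)]


if __name__ == "__main__":
    print(assess_release(USER, ["genre"], POPULATION))
    print(assess_release(USER, ["genre", "actor", "location"], POPULATION))
    print(largest_safe_releases(USER, POPULATION))
```

Each attribute is harmless when released alone in this sample, yet the combination of all three singles the user out, which is why the assessment has to run over the set of attributes being released rather than per attribute.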
Showcase Movie App
The information stream for the Showcase Movie App is shown in the figure below. The roles are DASOMAN, end user and data user. In this example, the data user is the provider of movie reviews and is interested in transmitting personalized movie recommendations to the end user. These are assigned various attributes, which can be used for categorization, filtering and sorting. The end user can store his interests via the DASOMAN SDK integrated in the data processor's app and share them with the data processor. The data is transmitted to the DASOMAN backend in encrypted form using the encryption technology used in DASOMAN and, when released, is re-encrypted and transmitted to the data processor. The data processor can then decrypt and utilize the data with its own key.
The app developed for the use case communicates with the 3rd party service of the data processor and receives a list of movie recommendations through it. In the first step, these are not personalized. Through the integrated DASOMAN SDK, the end user can view the data to be collected in the settings, set or change values himself and release each data type individually. This gives the end user sovereignty over his data and allows him to determine which data should be transmitted and released for the data processor. If the end user's data is released in our use case, the user data can be processed by the 3rd party service. With the help of a recommender, personalized movie recommendations are provided for the end user in the app based on the collected user data.
With DASOMAN, we provide the end user with transparency about the data that the data processor wants to collect. To ensure this, the data processor creates an app via the DASOMAN middleware and records the data attributes to be collected. In our use case, these are attributes such as genre, actor, location, etc. The DASOMAN middleware has a convenient user interface and then generates the necessary configuration files for the DASOMAN SDK. Signature procedures ensure authenticity and prevent subsequent modification of the data attributes to be collected. The DASOMAN SDK then securely transfers the data to the DASOMAN backend. If data is released by the end user, the 3rd party service of the data processor can receive, decrypt and process this data. In our use case, personalized recommendations of movies are then transmitted to the end user via the app on the basis of the user data.