Anyone applying for a loan, renting an apartment, or starting a new job today often shares more about themselves than they would like: pay stubs, credit reports, copies of ID, and sometimes even health information. What used to be filed away in thick paper files is now digitally recorded, copied, and forwarded with just a few clicks, and so potentially remains in circulation indefinitely.


TrustED is researching methods for securing personal data

While digitization greatly reduces the effort involved in data processing and collection, it simultaneously lowers the threshold for collecting and sharing sensitive personal data. Especially when it comes to identity, financial situation, or health, the question becomes urgent: Who has access to what information, when, and how can I retain control over it?

Traditional measures such as encryption or strict access rights are important building blocks, but they reach their limits when data needs to be used or verified across organizational boundaries. But what if the individual no longer has to “hand over” their data at all and can still identify themselves in a credible and externally verifiable manner?

This is exactly where federated data processing comes in. In this article, we show how federated approaches can help protect sensitive personal data without sacrificing efficient digital processes.

The advantage of this approach is that trust can be built within a digital ecosystem without having to disclose personal characteristics that require special protection. Technically, this is typically implemented using a secure digital wallet, as described, for example, for the EU Digital Identity (EUDI) Wallet (https://ec.europa.eu/digital-building-blocks/sites/spaces/EUDIGITALIDENTITYWALLET/pages/694487738/EU+Digital+Identity+Wallet+Home). In this ecosystem, so-called trust anchors and accreditation bodies ensure that only reliable organizations are permitted to issue credentials, and a verifier checks every credential it receives against these trust anchors.

Initially, a person’s identity is verified and stored in the wallet in the form of cryptographically signed credentials. Additional attributes, such as professional qualifications, membership in an organization, or even health information, can be added by the respective competent, trusted authorities. The individual then decides, depending on the context, to which organization they wish to prove their identity and which attributes they will provide for that purpose. This principle is known as selective disclosure: the holder reveals only the attributes that are actually necessary, while the verifier can still check that each revealed attribute is covered by the issuer’s signature. This implements consistent data minimization.
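How selective disclosure works at the byte level, as an added example that is not code from the article or from the TrustED project: a simplified SD-JWT-style credential. The issuer signs only salted digests of the claims and hands the claim contents (the "disclosures") to the holder; the holder forwards the signed credential together with just the disclosures the verifier needs; the verifier checks the issuer signature and accepts a disclosure only if its digest appears in the signed list. The issuer URL, the claim names and values, and the use of HMAC-SHA256 under a shared key in place of a real issuer signature (ES256 in practice) are assumptions made for this example; holder binding to the wallet key is omitted.

```python
# Added example: SD-JWT-style selective disclosure (simplified, stdlib only).
# Assumptions (not from the article): the issuer "signs" with HMAC-SHA256 under
# ISSUER_KEY as a stand-in for a real signature; in the EUDI ecosystem the
# verifier would instead validate the issuer's certificate against a trust
# anchor. All claim names and values below are constructed sample data.
import base64
import hashlib
import hmac
import json
import secrets

ISSUER_KEY = secrets.token_bytes(32)  # stand-in for the issuer's signing key


def b64u(data: bytes) -> str:
    """base64url without padding, as used in JWT/SD-JWT."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64u_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_disclosure(salt: str, name: str, value) -> str:
    # A disclosure is base64url(JSON[salt, claim name, claim value]). The random
    # salt stops a verifier from recovering a low-entropy value (e.g. a birthdate)
    # by brute-forcing the digest that the issuer signed.
    return b64u(json.dumps([salt, name, value], separators=(",", ":")).encode())


def digest_of(disclosure: str) -> str:
    return b64u(hashlib.sha256(disclosure.encode("ascii")).digest())


def issue(claims: dict, issuer_key: bytes = ISSUER_KEY) -> tuple:
    """Issuer: sign only the digests of the claims; hand the disclosures to the holder."""
    disclosures = {name: make_disclosure(b64u(secrets.token_bytes(16)), name, value)
                   for name, value in claims.items()}
    payload = {
        "iss": "https://issuer.example",  # constructed
        "_sd_alg": "sha-256",
        # sorted so the digest order reveals nothing about which claim is which
        "_sd": sorted(digest_of(d) for d in disclosures.values()),
    }
    body = json.dumps(payload, sort_keys=True, separators=(",", ":")).encode()
    signature = hmac.new(issuer_key, body, hashlib.sha256).hexdigest()
    return {"payload": payload, "signature": signature}, disclosures


def present(credential: dict, disclosures: dict, reveal: list) -> dict:
    """Holder: forward the signed credential plus only the chosen disclosures."""
    return {"credential": credential, "disclosures": [disclosures[n] for n in reveal]}


def verify_presentation(presentation: dict, issuer_key: bytes = ISSUER_KEY) -> dict:
    """Verifier: check the issuer signature, then accept only disclosures it covers."""
    cred = presentation["credential"]
    body = json.dumps(cred["payload"], sort_keys=True, separators=(",", ":")).encode()
    expected = hmac.new(issuer_key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, cred["signature"]):
        raise ValueError("issuer signature invalid")
    covered = set(cred["payload"]["_sd"])
    revealed = {}
    for disc in presentation["disclosures"]:
        if digest_of(disc) not in covered:
            raise ValueError("disclosure not covered by the issuer's signature")
        _salt, name, value = json.loads(b64u_decode(disc))
        revealed[name] = value
    return revealed


if __name__ == "__main__":
    # Constructed sample: the credential carries five claims ...
    cred, discs = issue({"given_name": "Ada", "family_name": "Example",
                         "birthdate": "1990-04-02", "address": "Musterstrasse 1",
                         "qualification": "first aid certificate"})
    # ... but the holder reveals only what this verifier needs.
    pres = present(cred, discs, ["given_name", "family_name", "qualification"])
    print(verify_presentation(pres))  # birthdate and address stay in the wallet
    # A disclosure the issuer never signed matches no digest and is rejected.
    forged = make_disclosure("x", "qualification", "medical doctor")
    try:
        verify_presentation({"credential": cred, "disclosures": [forged]})
    except ValueError as e:
        print("rejected:", e)
```

The verifier never sees the undisclosed claims, only their salted digests, and cannot substitute or alter a claim because every accepted disclosure must hash to a value the issuer signed. What this sketch does not do is prove anything about a withheld value; that is where zero-knowledge proofs come in.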

For particularly sensitive information that should not be shared directly at all, so-called zero-knowledge proofs can be used. Here the holder proves to the verifier that a statement about an attribute in a credential issued by a trusted authority is true, for example that a threshold is met or that a list of entries is empty, without disclosing the attribute value itself. The verifier learns only that the statement holds and that it is backed by the issuer’s signature. In this way, it is possible to prove that a person meets certain requirements without having to disclose the complete document (such as a criminal record or a health record).
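The zero-knowledge principle in its most basic form, as an added example that is not code from the article or from the TrustED project: a non-interactive Schnorr proof (Fiat-Shamir transform) with which a wallet proves that it holds the private key bound to a credential, without ever revealing that key. This is the holder-binding step of a presentation, not a proof about a criminal record; predicate proofs over credential attributes (for example BBS+ signatures) are built from the same commit, challenge and response structure. The 128-bit demo group found at import time, the context string and all names are assumptions made here; a real deployment uses a standardized group or elliptic curve.

```python
# Added example: non-interactive Schnorr proof of knowledge (Fiat-Shamir) that the
# prover knows x with y = g^x mod p, revealing nothing about x. Assumptions (not
# from the article): a 128-bit safe-prime demo group generated deterministically
# below; production code uses a standardized group or curve and a constant-time
# library. Context strings are constructed sample data.
import hashlib
import secrets

_MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; adequate for this demo group size."""
    if n < 2:
        return False
    for a in _MR_BASES:
        if n % a == 0:
            return n == a
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in _MR_BASES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_group(bits: int = 128) -> tuple:
    """Find p = 2q + 1 with p and q prime; g = 4 is a square, so it has order q."""
    q = (1 << (bits - 1)) | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4


GROUP = safe_prime_group()  # (p, q, g); deterministic, so every run uses the same group


def keygen(group=GROUP) -> tuple:
    p, q, g = group
    x = secrets.randbelow(q - 1) + 1  # private key: never leaves the wallet
    return x, pow(g, x, p)            # (x, y)


def _challenge(group, y: int, t: int, context: bytes) -> int:
    # Fiat-Shamir: the verifier's random challenge becomes a hash over the group,
    # the statement y, the commitment t and a verifier-supplied context (its
    # identity plus a fresh nonce), which binds the proof to one presentation.
    p, q, g = group
    h = hashlib.sha256()
    for v in (p, g, y, t):
        h.update(v.to_bytes(32, "big"))
    h.update(context)
    return int.from_bytes(h.digest(), "big") % q


def prove(x: int, y: int, context: bytes, group=GROUP) -> tuple:
    """Prover (wallet): commit to fresh r, derive the challenge c, answer s = r + c*x mod q."""
    p, q, g = group
    r = secrets.randbelow(q)
    t = pow(g, r, p)
    c = _challenge(group, y, t, context)
    return t, (r + c * x) % q


def verify_proof(y: int, proof: tuple, context: bytes, group=GROUP) -> bool:
    """Verifier: accept iff g^s == t * y^c mod p. Nothing about x is learned."""
    p, q, g = group
    t, s = proof
    if not (0 < y < p and pow(y, q, p) == 1):  # y must lie in the order-q subgroup
        return False
    if not (0 < t < p and 0 <= s < q):
        return False
    c = _challenge(group, y, t, context)
    return pow(g, s, p) == (t * pow(y, c, p)) % p


if __name__ == "__main__":
    x, y = keygen()
    ctx = b"verifier=ngo.example;nonce=" + secrets.token_hex(16).encode()  # constructed
    proof = prove(x, y, ctx)
    print("holder-binding proof accepted:", verify_proof(y, proof, ctx))
    print("same proof under another nonce:", verify_proof(y, proof, b"other nonce"))
```

Soundness comes from the challenge depending on the commitment t: a prover who does not know x cannot produce a matching s. Zero-knowledge comes from the fresh r, which masks x in s = r + c·x mod q. Including the verifier's nonce in the context means a captured proof fails when replayed elsewhere, which the second print shows.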

One project by Fraunhofer ISST in which these principles are put into practice is TrustED (https://trustedproject.eu/). The project’s goal is to research various methods for securing personal data and to develop prototypes of both an EUDI wallet system and a federated processing environment for health data. What both systems have in common is that they rely on modern cryptographic methods and federated architectures to prevent the unintended dissemination of personal data.

The first use case of the TrustED project serves as a concrete example of selective disclosure and zero-knowledge proofs: the wallet supports volunteers in applying for positions at NGOs (non-governmental organizations: independent, non-profit organizations without a government mandate). Volunteers should only disclose the information that is truly necessary for the specific activity. For example, a criminal record does not need to be fully disclosed for this purpose. Instead, the wallet can present a zero-knowledge proof over the record issued by the competent authority that confirms only that there are no relevant criminal convictions, without disclosing the detailed entries.

From a technological standpoint, this use case is implemented, among other things, using Eclipse Dataspace Components (EDC) dataspace technology. It connects the various components of the TrustED project into a secure and sovereign overall system and ensures that data flows only under clearly defined, verifiable conditions.

More Information about TrustED:

