The Industrial Data Space is a peer-to-peer network, a virtual data space that supports the secure exchange and the simple linking of data in business eco-systems on the basis of standards and by means of common governance models. For companies, data is only valuable if it can also be processed. At the same time, a comprehensive and generally accepted new way of handling data must be embedded in the way it is exploited and used. In order to collect common requirements and to establish common standards, involved Fraunhofer Institutes and companies are organized in the so-called International Data Spaces Association.
Digital sovereignity over data - how it works
Data are only exchanged if they are requested by reliable, certified partners. The data provider – i.e. the company – determines who may use the data, for what purposes and under which conditions (usage control). As a result, partners in a value chain can individually or jointly access certain data by mutual agreement in order to start something new, develop new business models, design their own processes more efficiently or otherwise initiate additional value creation processes.
Tasks of the IAD department
The Fraunhofer IOSB contributes to the security architecture of the Industrial Data Space in terms of engagements in work packages concerning:
- data provenance tracking,
- usage control and
- attestation of components.
Data provenance tracking technology track flows of data across system boundaries, logs them and thus makes data transfers traceable. This kind of knowledge supports usage control technologies, which aim to enforce that data usages take place in compliance with negotiated policies. Usage Control allows a data provider to a-priori specify policies concerning the usage of his data, and the data consumer has to implement technical mechanisms for enforcing these policies. Such mechanisms are provided by the Industrial Data Space in the so-called Trusted Conncector. However, the data provider can only trust in these mechanisms if an attestation of the runtime environment as well as the usage control and data provenance tracking components based on hardware trust anchors is performed so that possible tampering can be detected.