The preservation of trade secrets
Start-up company 'utilacy' offers perfect digitization methods while maintaining data protection
According to a representative survey, around two-thirds of German companies regard data protection as the ultimate innovation killer. In Germany alone there are 18 different interpretations by data protection authorities, in addition to various European court rulings and their interpretations. This can bring smaller companies to their knees. In times of digitalization, a company's data is its greatest asset. The questions that inevitably arise are: What can I do with my data? What options am I permanently losing? Stymied by data protection or by the works council, data sets lie dormant in all companies, although they could be used, networked and evaluated in a meaningful way to make the company more economically effective or more competitive.
The country needs new opportunities. This is where Prof. Dr.-Ing. Tibor Jager, Dr.-Ing. David Niehues, Moritz Schmidt, Amin Faez and Sebastian Overhage come into play. The heterogeneous team around the proven cryptographers of the Bergische Universität plans, as part of a project, to offer technical means of analyzing confidential data while still preserving data protection and any trade secrets, in order to lead companies into an economically secure future. The project has now resulted in the start-up company utilacy GmbH. Utilacy is a compound word made up of the terms 'UTILity' and 'privACY'.
Cryptography - much more than encryption
"Modern cryptography is much more than pure encryption," says Tibor Jager, Chair of IT Security and Cryptography. "One example is digital signatures, i.e. digital signatures that we all already use in everyday life, be it on the Internet, on our cell phones or our ID cards. Data sharing is also something that has been studied in cryptography for 40 years. Now, however, we've reached a point where we can really use these methods well in practice because they're mature. This also has parallels with the development of artificial intelligence, because there, too, the methods have basically been known for 60 years and are now finding their way into practice." The problem with digitization, however, he said, is that in many places we have data that we have not been able to use until now because of confidentiality requirements such as data protection or even internal trade secrets. "But that's exactly what this technology is for today," Jager continues, "and the potential has been recognized by colleagues David Niehues, Moritz Schmidt, Amin Faez and Sebastian Overhage. They can now help people and companies make digitization possible." So far, unfortunately, the discussion has been framed as either data protection or data use. But the new start-up can prove that both work at the same time. The IT specialist cites a simple example: "We can calculate the average age of all employees in a company without an employee having to reveal his or her actual age, so data protection remains. And that works with all other confidential data as well." Even in the discussion about the use of health data from the Electronic Patient Record, which Health Minister Lauterbach is pushing at the moment, he said, the issue is often that data protection must be weighed against the use of data for research. "The use of health data could lead to the development of better approaches to healing. At the same time, however, we are talking about highly protectable, private data of individuals. In this area of tension, modern cryptography could help find innovative solutions from which we as a society can benefit without neglecting the protection of the individual or individuals," adds Jager.
Bandwidth of networks and endpoints has increased
"Earlier methods with static servers are also no longer necessary today," explains start-up founder Moritz Schmidt. "People have realized that IT can work more cost-effectively there, too." Changing end devices of all sizes, as well as the enormous bandwidth of networks, can be served by the project. "Today we have the computing power and also the technological understanding, so we can do it now," adds founding partner David Niehues, "and we want to counter the discussion that data protection makes it impossible, because the data that is urgently needed can be used regardless of data protection. This has been clear to cryptographers for a long time."
Into the future with SMPC
The utilacy project was awarded the Gründungspreis+ in the start-up competition Digital Innovations of the Federal Ministry of Economics and Climate Protection in August 2022. It works with the so-called Secure Multiparty Computation technology, or SMPC for short.
Jager says that utilacy's approach was particularly commended for the fact that young entrepreneurs use this technology and bring it into an application context. Data from our computers could suddenly do unusual things. In the automotive sector, for example, the scientist explains, maintenance can be predicted, and production plants could even become significantly more efficient through networking. Machine manufacturers could design more precise models using information about the production processes of other companies without knowing their exact procedures. This could also lead to previously unthinkable cooperative ventures. Says Schmidt: "Even competitors can now shake hands and increase their efficiency, supporting each other without losing their own data. There is immense potential lying dormant here that is not being exploited at the moment."
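The average-age calculation mentioned earlier can be built from additive secret sharing, one basic building block of SMPC. The following is an added example, not utilacy's code or method; the modulus, the age bound, the three compute parties, the function names and the sample ages are assumptions made for illustration.

```python
import secrets

MODULUS = 2**61 - 1  # assumption: shares are integers modulo this value
MAX_AGE = 150        # assumption: public upper bound on any single input

def share(value, n_parties, modulus=MODULUS):
    """Split value into additive shares; any n_parties-1 of them are uniform noise."""
    shares = [secrets.randbelow(modulus) for _ in range(n_parties - 1)]
    shares.append((value - sum(shares)) % modulus)
    return shares

def partial_sums(shares_per_employee, n_parties, modulus=MODULUS):
    """Party j adds up the j-th share of every employee. It never sees an age."""
    return [sum(s[j] for s in shares_per_employee) % modulus
            for j in range(n_parties)]

def reconstruct(parts, modulus=MODULUS):
    """Only the combination of all parties' values reveals the result."""
    return sum(parts) % modulus

def secure_average(ages, n_parties=3, modulus=MODULUS):
    if n_parties < 2:
        raise ValueError("need at least two non-colluding compute parties")
    if not ages or any(not 0 <= a <= MAX_AGE for a in ages):
        raise ValueError("ages must be a non-empty list of values in 0..MAX_AGE")
    if len(ages) * MAX_AGE >= modulus:
        raise ValueError("modulus too small: the sum could wrap around")
    # Each employee splits the age locally and sends one share to each party.
    shares_per_employee = [share(a, n_parties, modulus) for a in ages]
    # Each party publishes only the sum of the shares it received.
    parts = partial_sums(shares_per_employee, n_parties, modulus)
    return reconstruct(parts, modulus) / len(ages)

SAMPLE_AGES = [23, 31, 45, 52, 38]  # constructed sample input

if __name__ == "__main__":
    print(secure_average(SAMPLE_AGES))
```

This sketch assumes parties that follow the protocol and do not all collude. The published average still reveals what an average reveals, so with very few employees it narrows down individual ages.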
Customers from all industries are served
The founders see potential customers in almost all areas of business and administration. They distinguish between internal and external projects, which can be scaled according to industry and company size. Often, even within one's own company, there is the difficulty of passing on data beyond one department. The area that goes beyond company boundaries, Schmidt explains, then involves industries that perform similar activities, or are similar in terms of systems. With the new technology application, these companies could compare themselves and see where they stood in the competition in order to then improve their production units. There would also be new opportunities in the insurance sector. "For example, if several insurances in a company are usually divided in a pillar-like manner, i.e. health insurance, car insurance, life insurance, etc., it has so far seemed impossible to view the end customer as a single unit. Our system offers the possibility of obtaining an all-encompassing view of an insured person by combining the various pillars within the organization," says Schmidt.
A difficult subject explained simply
For the start-ups to be successful, they must first and foremost convince their customers. That's not so easy with this topic. Jager gives an example: "Let's assume we have a life insurance division and a motor vehicle division. They are not allowed to exchange data with each other. So if I have someone who has already attracted attention by trying to defraud his car insurance company with a falsified invoice and this person now inquires about life insurance, this department would certainly like to know whether this customer is 'clean' so that it can't make him an offer in the negative case." But this is not possible across departments, because the other department would then gain knowledge about a customer that is none of its business. "This is exactly where the techniques come in. So I have someone inquiring about life insurance, and I ask the motor vehicle clerk, who has the list of his fraudsters on hand, for a specific name that must not be revealed, so the person being asked only has to answer yes or no." In technical and privacy terms, the process looks like this: "You can think of it as a magic box that sits between the two departments, into which the respective departments enter their information, which remains secret to the other party. Inside the box, the information is then read, processed and filtered so that only the one piece of information comes out that tells the employee whether to make an offer to the customer. Except that in reality there is no box, but instead a clever application of advanced cryptographic methods. A customer's name and address are effectively encrypted into a unique fingerprint that allows no conclusions to be drawn about the person and can be compared across departments. The fingerprint would already look different if it were requested again, so data protection is guaranteed here as well." Jager knows that, because of the extensive mathematical knowledge involved, technical explanations are often incomprehensible to the layperson. "The fact is," Jager says firmly, "these algorithms are mathematically provably secure, and in that sense unbreakable, because you can build procedures that way today."
Platform can evaluate standardized formats
In practice, this process works via an external platform, Schmidt explains, which saves companies unnecessary and expensive specialist personnel as well as outsourcing costs, thus pulling the work out of the company. To this end, the founders then provide interfaces as well as connectors to other standard services such as Excel. "We then have a frontend, so to speak, which the customer can use to connect data from different areas, for example. I.e. the customer maintains his data in the platform, there they are evaluated by the application of cryptographic procedures in such a way that even we as platform operator cannot see them. Then the results are fed back to the corresponding customers. Of course, you have to talk to all the players across companies in advance so that you also get diverse data that is then evaluated. You then need a standardized format from everyone and can deliver results after a given time."
Lighthouse projects can pave the way
The first lighthouse projects could include companies that want to evaluate their internal sensitive data. This path, he said, could then lead further to cross-industry networking. "The metal industry, which wants to compare its parameters, also competing companies, which after all also have price pressure, could benefit from this technology," says Jager. "For example, if I have a supplier from whom I purchase steel in large quantities and my competitor does the same, we could join forces to possibly negotiate a better price. Or maybe we have customers in common. If both companies were to generate large sales in the same countries, perhaps in the future only one would need to book a business flight there in order to offer something jointly. So even competing companies, without sharing secrets, can get positive effects out of it." Transportation companies could turn half-full loads into full loads by collaborating with other companies on the same routes. The same transport routes with fewer vehicles would then also mean more climate protection. "Competing supermarkets could identify potential for improvement in sustainability, for example by comparing how much food they have to dispose of unsold because the expiration date has been reached. If their own store is doing much worse than the industry average there, then it might be worth taking a look at what they could do to improve in that regard."
Schmidt also sees another enormous savings potential in product development in the pharmaceutical sector. "If you could work anonymously, so to speak, with the existing data from a study, enormous sums could be saved, simply because existing studies would not have to be repeated."
Start-up founders provide information now
Pilot customers are welcome and can obtain information immediately at firstname.lastname@example.org and the website www.utilacy.de.
Prof. Dr.-Ing. Tibor Jager heads the IT Security and Cryptography department at the Faculty of Electrical Engineering, Information Technology and Media Technology. His colleagues include Dr.-Ing. David Niehues, Moritz Schmidt, Amin Faez and Sebastian Overhage, the new founders of the start-up company utilacy GmbH.