MyPrivacy enables the secure data exchange via the cloud
Cyber attack scenarios are becoming increasingly sophisticated and can hardly be adequately averted with existing IT security solutions. MyPrivacy has rethought security and released a patented solution to protect both sensitive data and users in the cloud.
In recent years, the number of cyber attacks has increased dramatically, with the damage caused becoming more and more costly. The effects of such attacks are manifold, ranging from system failures and data theft to data loss or manipulation.
According to the KPMG Cloud Monitor from June 2021, 63 percent of companies with 20 or more employees are already in the cloud. The cloud offers many advantages for companies: flexibility, efficiency and resilience. However, the decision to use a public cloud infrastructure can also exacerbate security risks and compliance challenges due to unclear legal situations. According to KPMG, non-users fear unauthorized access to company data as well as data loss.
It is absolutely in the self-interest of every company to prevent cloud providers from accessing their data or analyzing their user activities / accesses for their own purposes. This can only be ensured with technologies that are independent of the service providers.
MyPrivacy enables enterprises to move securely to the cloud.
MyPrivacy developed a new approach to securing data stored and exchanged via online services without requiring blind trust in the service provider. We created a cryptography protocol that prevents the system operator from learning anything about the content or structure of the data or the users who access it. The protocol prevents linking of requests, the tracing of user activity, and the analysis of user relationships. It also protects against manipulation of the data or repudiation of its receipt by the system operator.
Before data leaves the user´s device, it is broken into chunks of uniform size that are encrypted end-to-end. The chunks hide the original data structure. The data can only be reconstructed after each corresponding chunk has been retrieved and decrypted. Unauthorized users cannot locate or decrypt the chunks, even if they were to somehow steal all the chunks stored in the system. Only the data owner knows which users have been granted read or write access and for what period of time. Only the owner can determine which users have accessed the data and only the owner can revoke their access authorization.
How can we ensure proper access control if the requests are anonymous and only the owner knows who has the right to access the data?
How do we make sure that the requests are rejected once the access rights expire?
How do we enable auditability of the system without sacrificing anonymity?
A key technology we rely on are Zero Knowledge Proofs.
They guarantee that access rights can be reliably verified without revealing whether the requests come from the same user or different users. The protocol protects data and users alike. Data remains secure, access rights secret, and requests anonymous even if the system is compromised. We no longer have to worry about whether the service operator will resist the temptation to analyze our data and metadata. We simply obfuscate what data is ours, when we access it, with whom we share it and who shares data with us.