FIDIS Deliverable D14.3: Study on the Suitability of Trusted Computing to support Privacy in Business Processes
Architecture for privacy-preserving Information Filtering

 

Closing Evaluation of the Encapsulation

The encapsulation of a non-certified service application records, for the user, how released data is processed. This enables the user to follow the processing and to check it against a user-defined specification. The monitored execution of an application can thereby detect events caused by the storage or transmission of data. The use of protection-worthy data can in principle be traced, provided that the information flows within the application can be monitored. 

This approach therefore addresses the following aspects:  

  1. Prevention of non-consented storage or transmission of personal data, or the creation of a data basis for detecting it.  

  2. Prevention of non-consented use of personal data, or the creation of a data basis for detecting it.  

To this end, the execution of the service application inside a sealed environment realised in software is monitored and logged. The presence of the encapsulation can be verified analogously to the presence of a certified service application. The following requirement is therefore also fulfilled:  

  1. Processing of the data in the presence of a mechanism that provides the basis for transparency through an audit.  

This criterion can also be fulfilled, although only conditionally: it remains to be examined whether the restrictions that an encapsulation can enforce guarantee confidential processing of protection-worthy data in the respective application case. 

The encapsulation is a technical approach in which a monitor observes the activities of the service application, generates a log, and makes the resulting log accessible to the user concerned. By means of the TC-authenticated service access points, the user ascertains before using the service that the service application in question is executed inside an encapsulation which records events and makes them accessible. The approach thereby creates the basis for determining, in a subsequent evaluation, whether protection-worthy data has been processed in line with the user's processing guideline. The logging of a service application by a certified encapsulation can thus provide the data basis for establishing a trust relationship between service user and service provider. 

Encapsulation of the Service Application

With the encapsulation of an unknown service application without information flow analysis, communication and storage events are observable. As regards the direction of the data flow, it can be distinguished whether data is flowing in or out. Since no assertion can be made about the contents of a communication or storage operation, it must be assumed that protection-worthy data is being communicated. A reliable evaluation of the log is therefore only possible in the absence of storage and communication events. This gives no insight into the application itself, and hence no information about how protection-worthy data is used. The certified encapsulation of an unknown service application enables the logging of:  

  1. incoming and outgoing communication, and consequently a potential transmission of data, and 

  2. the storage of data.  

The observed execution of unknown service applications can, however, technically verify these facts for all applications that do not communicate any data to external applications.  

Encapsulation with Information Flow Analysis

With an encapsulation that includes information flow analysis, the observation of an unknown application is no longer limited to communication and storage events. Because the personal data provided to the application is labelled with security types, the flow of information can be monitored according to type. 

This means that, during communication and storage, personal data flowing out can be detected on the basis of its security type. The number of suspicious cases that communication and storage operations raise under an encapsulation without flow analysis can hence be reduced. This particularly benefits applications that communicate with further services in order to provide their service, or that have to carry out storage operations. 

Furthermore, the information flow analysis gives information about the use of protection-worthy data by indicating which data has influenced a given data item. 

For an unknown application, the certified encapsulation with information flow analysis enables the logging of  

  1. communication in which objects are transmitted,  

  2. the storage of objects, and  

  3. insights into the usage of trustworthy data by means of its types.  

However, with neither encapsulation can the user tell when the processing of his data has been completed. If the log of the entire processing is not available, i.e. the log is incomplete, this can lead to false conclusions in an evaluation. 
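The following toy model is an added example, not code from the FIDIS deliverable, illustrating the two encapsulations compared above and the incomplete-log problem: values carry a security type that propagates when they are combined, a monitor logs storage and communication events, and an evaluator checks the log against a user guideline; without flow analysis every event must be presumed to carry protection-worthy data, with it only PERSONAL-typed events are flagged, and a log lacking the end-of-processing marker yields no conclusion. The security types, the monitor API, the service and the user policy are all hypothetical.

```python
from dataclasses import dataclass, field

PUBLIC, PERSONAL = "public", "personal"   # assumed security types

@dataclass
class Typed:
    """A value carrying its security type; combining values propagates it."""
    value: str
    stype: str = PUBLIC
    def __add__(self, other):
        st = PERSONAL if PERSONAL in (self.stype, other.stype) else PUBLIC
        return Typed(self.value + other.value, st)

@dataclass
class Monitor:
    """The encapsulation's monitor: records storage and communication events."""
    log: list = field(default_factory=list)
    def store(self, key, v):
        self.log.append(("store", key, v.stype))
    def send(self, dest, v):
        self.log.append(("send", dest, v.stype))
    def finish(self):                      # marks the end of processing
        self.log.append(("end", None, None))

def evaluate(log, flow_analysis, policy_allows):
    """Evaluate a log against the user's guideline: 'compliant', 'violation',
    or 'inconclusive' when the log does not cover the whole processing."""
    if not log or log[-1][0] != "end":
        return "inconclusive"
    for ev, target, stype in log[:-1]:
        # without flow analysis every event must be presumed to carry
        # protection-worthy data; with it, only PERSONAL-typed events are
        suspicious = (stype == PERSONAL) if flow_analysis else True
        if suspicious and not policy_allows(ev, target):
            return "violation"
    return "compliant"

def run_filter_service(mon, leak=False, finish=True):
    """Constructed service: stores the profile and sends a ranking derived
    from public data to a partner (or, if leak, the profile itself)."""
    profile = Typed("alice:interests", PERSONAL)
    ranking = Typed("item7") + Typed(":rank=3")        # stays PUBLIC
    mon.store("profile", profile)
    mon.send("partner", profile + ranking if leak else ranking)
    if finish:
        mon.finish()
    return mon.log

def user_policy(event, target):
    """Assumed user guideline: local storage is fine, sending only to the user."""
    return event == "store" or target == "user"
```

Running the same service under both evaluations shows the reduction in suspicious cases: the public ranking sent to the partner is a violation without flow analysis but compliant with it, while the leaked profile is flagged in both.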

 
