The coronavirus pandemic and the resulting lockdowns led to far-reaching restrictions in everyday life. The relocation of work from the usual office to the home office created challenges for the data protection-compliant processing of digital information. This process has not yet been completed, so data protection in the home office remains a weak point. The ongoing digitalization of services of all kinds has advanced as a result of the pandemic. However, far-reaching deficits clearly remain, in particular in data protection-compliant communication and the legally compliant exchange of sensitive data. This is especially the case in the medical, justice and public administration sectors. Because of globalization, another pandemic is possible at any time. It is therefore essential to create a versatile and secure solution for the legally compliant exchange of sensitive data.

The current solutions DE-Mail, KIM and beA already attempt to offer basic functionality in the relevant areas. However, they can be used by the general public only to a very limited extent, or are restricted to certain professional groups and specific use cases. Without going into further detail here, all of the services mentioned have been implemented only as isolated solutions for selected areas. Each service has its own infrastructure and uses different authentication mechanisms. Interoperability between these solutions is therefore not possible. A generic approach that covers both the areas named and those not yet included is therefore the appropriate goal. It also makes sense to include in the program proposed here those offices that still handle their communication by post. Official communication by post is no longer appropriate in the age of digitalization.

The logical conclusion is the creation of a generic approach for all professional and personal groups in accordance with the principles of data protection, traceability and legal protection.

The communication solution should be freely accessible to everyone and have no restrictions. Registration should be quick and easy for every citizen as well as every authority, law firm or practice. First of all, however, the solution must be clearly distinguished from conventional communication services and messengers. These also offer end-to-end encryption, but lack the additional authentication measures and the property of legal certainty. The well-known messengers can provide this only to a limited extent. For official, medical or judicial communication, authentication via telephone number alone simply does not provide sufficient legal certainty.

Our solution is based on the data protection-compliant transmission of information according to the principle of end-to-end encryption. The information transmitted by the sender can only be read by the recipient of the message. Data protection is therefore guaranteed over the entire route through the Internet, because if the message is intercepted, only the encrypted data is captured. The aim of end-to-end encryption is also to ensure that the unencrypted content of the message cannot be deduced, even when large amounts of computing power are used. To achieve this, it is necessary to use a tested standard. If the encryption becomes vulnerable due to a security gap, or is classified as insufficiently secure due to technical progress, it must be possible to replace it with a newer standard.

The additional security methods and the concept for legal certainty cannot be explained further at present for reasons of confidentiality.

The project is designed to make it possible to send data from person A to person B securely and reliably without creating additional metadata that can be analyzed by the service operator. The collection of metadata leads to profiling of usage, location, etc., which is an essential component of targeted advertising, for example. AXO Systems does not want this, so no metadata is collected when the communication service is used. Furthermore, handling should be as simple as possible so that security is guaranteed at all times and no one can spy on or decrypt the data of either communication partner. Encryption is therefore always active by default. Where security requirements are higher, the encryption methods can be exchanged. Exchanging methods can also be used to test experimental encryption algorithms or to design individual, self-sufficient communication systems within an organization. The solution can be used through an add-in for an e-mail program or as a stand-alone messenger. The messenger is designed for both desktop systems and mobile devices.