Skip to Content
Author's profile photo Francesco DI CERBO

Yes I can share it with you, but…

“…but please remember, it’s confidential! please avoid reading this in places with potentially curious people… …and in countries mentioned in the document, you know how sensitive it is and the consequences a disclosure can cause to our business… OK?”

“Yeah sure, I am just about to take off but I have a couple of hours to wait in the connecting airport… you don’t mind, right?”


How much do you trust people when you share information, that you are responsible for, with them? What care and attention do you expect? Or on the other hand, how much do terms, requirements and constraints on confidential documents stand in the way are complicated to remember while working under pressure or while travelling or both?

At SAP ACES Product Security Research group, we thought about a component that can simplify the consumption of contents in mobility, supporting users in consuming confidential pieces of information with a pleasant user experience and in a compliant way. We developed a mobile research prototype that is able to download confidential information, and allows its usage according to data-specific usage policies. The prototype relies on a cloud application (deployable on SAP HANA Cloud) for data & policy storage. This research prototype comes from SAP ACES Product Security Research group.

Our research prototype relies on a library, ProtectMe, that takes care of downloading pieces of information together with their specific policies; the library is then able to recognize and enforce such policies while the data are being used. Moreover, the library takes care of implementing any obligation prescribed by the policy and/or by regulative terms like the EU Directive 95/46/EC on data protection (e.g. delete data after a certain time, send notifications to information owner and so on). So, ProctectMe is also an effective tool for apps needing to comply with prescriptions connected with the safeguard of privacy of personal information.

The integration of ProtectMe with a third-party app minimizes the impact on user experience, thus to facilitate the user acceptance of the new functionality in existing apps; on the other hand, the ProtectMe simple API permits for a very easy integration with any app’s business logic, without requiring significant knowledge or training for app developers.

Let’s see a concrete example scenario, to see how all this works… and a bit of action!

Important: Please note that the following work stems from research activities and has prototypical character. It does not correspond to functionality offered by official SAP products

Let’s suppose that a hospital provides to its patients a mobile application for booking visits with specialists.

A hospital clerk receives visit requests and confirms them, assigning a time slot and a doctor.

Then, the hospital’s doctors are provided with an app for their tablets, that automatically keeps track of scheduled appointments.

But wait, where’s the novelty here?

The two mobile apps realize an interesting functionality: a patient can attach to an appointment request a file, for instance an x-ray or a previous examination report. This association requires the expression of a confidentiality policy, regulating access and usage conditions for the file being associated. Therefore, only a doctor who works in a specific medical domain required by this appointment, will be able to access its attachment, and not the clerk. However, the privacy policy also requests that a doctor can open an attachment if and only if the patient is in the same room as the doctor, and that the attachment is deleted automatically from doctor’s device after few minutes after its usage.

Let’s see it live:

ProtectMe takes care of enforcing automatically all policy prescriptions. The privacy policy can foresee also other conditions, connected with physical location of the doctor: for instance, the doctor’s device must be connected to the hospital’s wireless LAN. The policy can also prescribe obligations for the attachment, i.e. actions that must be performed when data are used; for instance, notifications must be sent to the patient when the attachment is opened.

The use case diagram of this scenario is here:


And here is a simplified block diagram, showing the different scenario elements, and not detailing their connections for the sake of simplicity:


Much more is to say, for instance, with respect to the definition, management and enforcement of declarative policies on mobile devices, taking into account conditions gathered by sensors on mobile devices. These are perhaps good topics for upcoming posts…

More details on ProtectMe, on PPL and to the concept of “sticky policy” (usage control directives) can be found at the following links:

or simply by contacting Francesco DI CERBO or Slim TRABELSI from SAP ACES Product Security Research group.

Special Thanks to Stuart SHORT for the precious help.

Assigned Tags

      1 Comment
      You must be Logged on to comment or reply to a post.
      Author's profile photo Francesco DI CERBO
      Francesco DI CERBO
      Blog Post Author

      We will present the ideas and prototypes described in this post at d-kom 2015 in Walldorf: see more details at Live at d-kom March 3 in Walldorf: Towards Simple Confidential and Compliant Data Sharing on Cloud and Mobile