Crypto Bluebook – how Data4Life does cryptography
As part of our ongoing transparency effort we’re open-sourcing more of our code and documentation. Today we’d like to discuss how we handle your personal health data.
Data4Life develops and operates an encrypted data platform called Personal Health Data Platform (PHDP) that lets users do the following:
- Store and access encrypted health data
- Receive health data from external sources (like hospitals)
The Data4Life Crypto Bluebook describes the cryptographic protocols that implement the data-related tasks mentioned above.
The Crypto Bluebook is for digital health developers and anyone else who wants to understand our crypto implementation. Readers should have elementary knowledge of cryptography.
The Crypto Bluebook covers the following:
- Cryptographic basics
- Our crypto design
- Cryptography during user account creation
- Authentication and authorization
- Internal data model
- Protocols used for user data upload and user data download
Go here to view the Crypto Bluebook PDF file.
Our data encryption model depends on the user's chosen password: the protection of stored data is only as strong as that password. That's why we encourage new users to create a strong password during registration.
But relying on every user to choose a strong password, even with our encouragement, isn't our preferred long-term solution. We're therefore working to change our architecture so that the encryption becomes as strong as the recovery password, which offers the strength of a random 132-bit key (slightly more than a 128-bit AES key).
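To make the password dependency concrete, here is an added example (not Data4Life's code, and not the design from the Bluebook) of a common key hierarchy: one random data key, wrapped once under a key derived from the user's password and once under a key derived from a random recovery password. The recovery alphabet (64 symbols), the 22-character length (22 * 6 = 132 bits), the scrypt parameters and the HMAC-based wrap are all assumptions chosen so the code runs with the standard library alone; a production system would use a vetted AEAD or AES key wrap instead. The `brute_force` function shows why the weaker, password-protected copy bounds the overall strength: anyone holding the stored record can guess passwords offline, while the recovery copy cannot be guessed in practice.

```python
# Added example, not Data4Life's code. Assumed: 64-symbol recovery alphabet,
# 22-character recovery password, scrypt parameters, HMAC-based key wrap.
import hashlib
import hmac
import math
import os
import secrets

RECOVERY_ALPHABET = ("ABCDEFGHIJKLMNOPQRSTUVWXYZ"
                     "abcdefghijklmnopqrstuvwxyz0123456789-_")  # 64 symbols (assumption)
RECOVERY_LENGTH = 22                                             # 22 * log2(64) = 132 bits


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a uniformly random string over the given alphabet."""
    return length * math.log2(alphabet_size)


def new_recovery_password() -> str:
    """Uniformly random recovery password: entropy_bits(64, 22) == 132."""
    return "".join(secrets.choice(RECOVERY_ALPHABET) for _ in range(RECOVERY_LENGTH))


def kek_from_password(password: str, salt: bytes) -> bytes:
    """Memory-hard KDF: slows offline guessing of a human-chosen password."""
    return hashlib.scrypt(password.encode("utf-8"), salt=salt, n=2**14, r=8, p=1,
                          maxmem=64 * 2**20, dklen=32)


def kek_from_recovery(recovery: str, salt: bytes) -> bytes:
    """The recovery password is already uniform with 132 bits of entropy, so a
    plain PRF extraction is enough; key stretching adds nothing useful here."""
    return hmac.new(salt, recovery.encode("utf-8"), "sha256").digest()


def wrap(kek: bytes, data_key: bytes) -> bytes:
    """Encrypt-then-MAC wrap of a 32-byte data key under a fresh random nonce.
    Illustrative construction only; use AES-GCM or AES-KW in real systems."""
    assert len(data_key) == 32
    nonce = os.urandom(16)
    pad = hmac.new(kek, b"pad" + nonce, "sha256").digest()
    ct = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(kek, b"tag" + nonce + ct, "sha256").digest()
    return nonce + ct + tag


def unwrap(kek: bytes, blob: bytes) -> bytes:
    """Inverse of wrap(); raises ValueError on a wrong key or tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    expected = hmac.new(kek, b"tag" + nonce + ct, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or corrupted blob")
    pad = hmac.new(kek, b"pad" + nonce, "sha256").digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


def create_account(password: str):
    """Return (stored record, recovery password to show the user exactly once)."""
    data_key = secrets.token_bytes(32)
    recovery = new_recovery_password()
    pw_salt, rec_salt = os.urandom(16), os.urandom(16)
    record = {
        "pw_salt": pw_salt,
        "wrapped_by_password": wrap(kek_from_password(password, pw_salt), data_key),
        "rec_salt": rec_salt,
        "wrapped_by_recovery": wrap(kek_from_recovery(recovery, rec_salt), data_key),
    }
    return record, recovery


def open_with_password(record: dict, password: str) -> bytes:
    return unwrap(kek_from_password(password, record["pw_salt"]),
                  record["wrapped_by_password"])


def open_with_recovery(record: dict, recovery: str) -> bytes:
    return unwrap(kek_from_recovery(recovery, record["rec_salt"]),
                  record["wrapped_by_recovery"])


def brute_force(record: dict, candidates):
    """Offline guessing against the password-wrapped copy: the attacker needs
    only the stored record. Returns the first password that unwraps the key."""
    for guess in candidates:
        try:
            open_with_password(record, guess)
            return guess
        except ValueError:
            continue
    return None


if __name__ == "__main__":
    record, recovery = create_account("correct horse")
    assert open_with_password(record, "correct horse") == open_with_recovery(record, recovery)
    print("recovery password:", recovery, "entropy:", entropy_bits(64, 22), "bits")
    print("guessed:", brute_force(record, ["hunter2", "password", "correct horse"]))
```

Both wrapped copies open the same data key, so the record is exactly as strong as its weakest wrapping: scrypt only slows `brute_force` down, it does not stop it, whereas 2^132 guesses against the recovery copy is out of reach. Moving to an architecture in which no copy depends on a human-chosen password is what "as strong as the recovery password" means in practice.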
We'll report progress on this work here, so keep an eye out for updates. In the meantime we're always happy to answer your questions, so please send any feedback and comments to firstname.lastname@example.org.