Skip to content

Data Encryption

Jump to bottom
angshuman sarkar edited this page Jul 21, 2020 · 1 revision

Information shared in data flow are secured using an encryption mechanism that ensures perfect forward secrecy. This means that even if any of the key materials stored at HIPs, HIUs or CM clients (either long-term private keys or session keys) are compromised, it would not be possible to decipher data that was previously exchanged. The encryption mechanism uses Diffie-Hellman Key Exchange (DHE), which is used in many Internet protocols such as SSH and TLS for establishing shared secret keys between remote parties.

Abbreviation

  • DHE: Diffie-Hellman Key Exchange
  • AES-GCM: Advanced Encryption Standard-Galois/Counter Mode
  • DHPK: Diffie-Hellman public key
  • DHSK: Diffie-Hellman secret/private key
  • P and U represent 2 participating system
  • DHK(U,P): Diffie-Hellman Key
  • Rand: Random String

The following details the process behind data encryption for CM client. When creating a data request, HIU should do the following:

  • Creates a set of Diffie-Hellman (DH) parameters
  • Generates a DH key pair (dhsk(U) , dhpk(U)) (which is a short-term public-private key pair)
  • Generates a 32-byte random value, rand(U) which is also called nonce.
  • The HIU sends these values to CM during the data request over SSL.

CM does the following

  • It generates a transactionId for the data-request and returns so to the HIU
  • Forwards the request to the HIP over SSL, along-with the transactionId

HIP does the following:

  • Checks validity of consent artefact, and if the data being requested is in accordance to the artefact.
  • Generates a fresh DH public-private key pair in the same group as specified by the HIU ((dhsk(P), dhpk(P))
  • Generates a 32-byte random value rand(P) aka nonce.
  • Computes a DH shared key dhk(U,P) using dhpk(U) and dhsk(P)
  • Computes a 256-bit session key sk(U,P) using dhpk(U) and dhsk(P), which is used to encrypt the data sent from HIP to HIU.
  • HIP sends the public key dhpk(P), the nonce rand(P) and the encrypted data to HIU over the specified "dataPushUrl" mentioned in the data-request. Please check the API documentation /health-information/transfer in the API documentation

API Documentation

PHR FHIR Envelope

Documents

Updates

Clone this wiki locally