Our ZeroKit brings end-to-end encryption to digital health apps
We’re launching ZeroKit. Our new tool helps developers protect user privacy and security by adding end-to-end encryption and secure authentication to their applications. As announced on Apple’s CareKit blog, ZeroKit enables end-to-end encryption in digital health apps.
We’re happy to see that there are more and more apps for messaging, file sharing and email that embrace end-to-end encryption to help us protect our data and control our privacy. But, what about digital health apps? If you use a fitness tracker to stay on top of your health or store your medical records in an app to have it at hand, you are sharing some of the most sensitive information you possess which puts you at risk for data breaches and medical identity theft.
Health and medical information includes data that is especially valuable not only for companies buying data from apps but also for hackers. Medical records have 10 or 20 times the value of a U.S. credit card number. According to a report conducted by Experian, more than 180 health care institutions were breached in 2016 alone, affecting millions of people.
At the same time, digital health applications reached a tipping point in 2016 along with their enormous potential to empower people to control their health better. However, security and privacy concerns still need to be solved to allow for a widespread adoption of such tools.
At Tresorit, our mission is to help people protect their data. This is why we’re launching our new developer tool ZeroKit that makes our core end-to-end encryption technology available for all developers. Released now in open beta, ZeroKit is ready to help developers who want to integrate end-to-end encryption in their apps, including health app developers using Apple’s CareKit framework.
What is ZeroKit?
ZeroKit is an SDK that helps developers solve two of the most pressing security challenges that digital health apps and medical organizations face:
- First, it helps developers protect and store patients’ Protected Health Information (PHI) in the cloud with end-to-end encryption and comply with HIPAA requirements easily.
- Second, it is a secure, zero-knowledge proof user-authentication service to protect user passwords from breaches and make the most common password attacks like “pass the hash” or “brute force” infeasible.
In short, it brings the security and privacy of Tresorit’s file sync & sharing service to apps including digital health tools.
Similar to Tresorit’s file sharing app, ZeroKit ensures that user passwords and user data such as medical records will never reach the servers in plain text. All encryption and password transformation happens at the users’ own devices, and the readable formats never leave the devices, which guarantees that unauthorized people can not read user data. Even in the case of a server data breach, hackers will only find unreadable data.
Authentication goes hand-in-hand with end-to-end encryption of data: without that, end-to-end encryption is not complete. ZeroKit is an out-of-the-box solution for this complex task and is easy to integrate for teams without cryptography expertise.
ZeroKit integrates with Apple’s CareKit
As announced on Apple’s CareKit blog, ZeroKit also integrates with Apple’s open source healthcare application framework that is already implemented by popular applications and leading medical institutions. Apple is committed to protecting privacy and security and has been taking a stand for strong encryption for a long time.
The CareKit framework provides the building blocks of digital health applications from data monitoring to analytics and also secures data locally on the device with Apple’s strong encryption. ZeroKit takes care of managing data in the cloud by enabling developers to securely store sensitive patient data (PHI) in the cloud across devices using end-to-end encryption. Combining the two SDKs, developers have tools to build secure and smart digital health apps more easily.
ZeroKit is used in healthcare by early adopters. The Diary’s CarePro is a mobile workflow tool to automate care coordination. DrNearMe is an application that connects doctors and patients. Caret is a smart address book and messaging app. We’re excited to help more companies to innovate digital healthcare and protect their users with our security toolkit.