BioPassport Technical Implementation — Encrypted data storage

Bio Passport
2 min read · Sep 29, 2023


A user’s personal data are stored in encrypted storage (this can be a distributed database or a decentralized file system). We use a modified Elliptic Curve Diffie-Hellman key exchange (we call it mECDH) to derive the key that encrypts the personal data. mECDH derives keys from the user’s private key and a second secret (such as a PIN or encrypted biometric data). Because of this construction, as long as the user stores the private key and the second secret in different places, the stored data is cryptographically secure.

The mECDH algorithm can be used between two or more parties. Usually it is used to derive the key that encrypts or decrypts a personal record (or part of a personal record) from the user’s private key plus one more secret, so that the data is protected by both. Multi-party mECDH can also be used to create multi-signature-enabled data, which cannot be read unless all stakeholders agree.

With BioPassport, a user can create and store his/her personal health data in the BioPassport Subchain via the BioPassport API. The stored data can then only be retrieved with the user’s private key and the user’s secret data via mECDH. A user can also request an endorsement and/or a test; the tester/endorser then adds their additional data, with their signature, to the health record. The requests for a test/endorsement and the submitted endorsement/test results are stored in the BioPassport Subchain as transactions.

A third party can therefore easily verify that the test/endorsement really happened, but it cannot read the actual data because it does not hold the decryption key. To let a third party read the health record, the user grants it permission to access his/her record. BioPassport uses the mECDH-generated key to retrieve the health record, applies the necessary de-identification process, and encrypts the modified data with another mECDH-generated key (this time derived from both the data owner’s key and the data spender’s key), so the modified data is protected as well.
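As an added example (not BioPassport’s code; the post does not publish how mECDH is built), here is one plausible reading of the two-input derivation from the first paragraph and the owner-plus-recipient re-encryption key from the paragraph above, in Go using only the standard library. It assumes the second secret is hashed to a P-256 scalar and used as the ECDH peer, and SHA-256 stands in for a proper KDF; both are assumptions, not the project’s specification.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Assumed construction (the post does not define mECDH internally): hash the second
// secret (PIN, encrypted biometrics) to a P-256 scalar so it can act as the ECDH peer.
func secretToKey(secret []byte) (*ecdh.PrivateKey, error) {
	d := sha256.Sum256(append([]byte("mecdh-secret:"), secret...))
	return ecdh.P256().NewPrivateKey(d[:]) // errors only if the hash is not a valid scalar
}

// kdf maps the shared point to a 32-byte data key (SHA-256 stands in for HKDF here).
func kdf(shared []byte) []byte {
	k := sha256.Sum256(append([]byte("mecdh-record-key:"), shared...))
	return k[:]
}

// DeriveRecordKey: user's private key + second secret; neither input alone yields the key.
func DeriveRecordKey(userPriv *ecdh.PrivateKey, secret []byte) ([]byte, error) {
	sk, err := secretToKey(secret)
	if err != nil {
		return nil, err
	}
	shared, err := userPriv.ECDH(sk.PublicKey())
	if err != nil {
		return nil, err
	}
	return kdf(shared), nil
}

// DeriveSharingKey: owner's private key + recipient's public key, for the re-encryption step.
func DeriveSharingKey(ownerPriv *ecdh.PrivateKey, recipientPub *ecdh.PublicKey) ([]byte, error) {
	shared, err := ownerPriv.ECDH(recipientPub)
	if err != nil {
		return nil, err
	}
	return kdf(shared), nil
}

func main() {
	user, _ := ecdh.P256().GenerateKey(rand.Reader)
	k, _ := DeriveRecordKey(user, []byte("1234")) // constructed sample PIN
	fmt.Printf("record key: %x\n", k)
}
```

The sharing key is symmetric: the owner computing it with the recipient's public key and the recipient computing it with the owner's public key obtain the same value, which is what lets the recipient open the de-identified copy without ever learning the owner's record key.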

Written by Bio Passport

A fully integrated personal health record platform & blockchain healthcare data solution.
