Notice E0 Phase 1 Shelf Readiness

Notice E for promoting investments in digital health global goods

Cryptographic protection of PII and PHI using opensource software

Two-sentence overview: 

The goal is to protect Personally Identifiable Information (PII) or Protected Health Information (PHI) that are utilized in digital health software tools or approved Digital Square global goods. StrongKey’s appliances, deployed in an on-premise or managed service mode, run an open source software stack that protects PII and PHI by with strong authentication and data encryption. StrongKey has 18-years of related cyber-experience delivering such capabilities to organizations on six continents.

Executive summary: 

● The overarching goal is to protect Personally Identifiable Information (PII) or Protected Health Information (PHI) that are utilized in digital health software tools or approved Digital Square global goods. Protecting this type of information is critical to Digital Square being able to realize the value of its investment in digital health software tools or global goods that utilize PII or critical information. ● A typical investment for an on-premise deployment would be around $100,000 for an infrastructure that provides fault tolerance and high-availability, with about $25,000 annual support costs. Professional Services integration costs (for framework or specific global goods integration) would range from $25,000 to $50,000. ● StrongKey provides strong authentication and data protection using an open source software stack deployed on hardware appliances that can house either a Trusted Platform Module (TPM) or a Hardware Security Module (HSM). The hardware (TPM or HSM) is chosen to protect the security keys required for the cryptographic techniques required to achieve the overall goal. ● StrongKey has developed and delivered the reference server for the FIDO2 protocol which is an authentication protocol adopted by 250 key Fortune companies, including Microsoft, Google, and Apple, to name but a few. The FIDO2 server provides strong authentication, while sensitive data such as Personally Identifiable Information (PII) or Protected Health Information (PHI) can be secured through the use of simple web service (SOAP or REST) API calls. For the non-technical this makes cryptography easily implementable to developers, and takes away the headache of understanding the nuances of cryptography. ● One thing to note is the type of tools and goods that Digital Square is investing in is open to ransomware attacks by aggressive bad actors. StrongKey is able to mitigate such attacks with the use of the appliances described here.

Consortium Team: 

We are able to partner and add-value to every consortium member that handles Personally Identifiable Information (PII) or Protected Health Information (PHI) as part of its solution offering

Digital Health Atlas: 

Need to register

Geographic Reach: 

StrongKey has major implementations across six continents.

Source code: 
WHO Classification: 
Data interchange interoperability and accessibility
Application Status: 
Not Approved
Application Tags: 
mobile data
data privacy, security, and confidentiality
data auditability
shared health record
electronichealthrecord

Comments

Hi Dave,

Thank you for submitting a concept note for Notice E0. Please upload the concept note template attachment, which should include your project description, including background or problem statement, objectives, deliverables & schedule and risk mitigation. Final concept notes are due May 22 at 5pm EDT.

Thanks,

Caitlin

Hi Dave,

Thanks for the first draft, the features are vast and we'd ask that you clarify the focus of the requested investment and or review other submitted applications to identify possible partnering / consortium opportunities. 

Thanks

updated documents