Security Architecture

Overview

The BioT platform is built with security as an integral part of its design: security is considered at every step of design, coding, implementation and deployment. This ground-up approach lets BioT offer IoMT (Internet of Medical Things) manufacturers state-of-the-art security tailored to medical use. Unlike conventional systems, security systems for medical devices must ensure that no data can leak to unauthorized entities, and must address PHI privacy, regional data protection and residency controls, data availability, and access control. On top of these considerations, the system must follow security best practices and guidance from authorities such as the FDA, so that an attacker cannot infiltrate the service and cause harm (disruption of service, manipulation of data, data theft, and so on).

The BioT platform offers extensive access controls and auditing capabilities. Customers retain full control over their data, together with integrated data availability and control tools that guard against data loss. This lets customers meet their own internal policies as well as local and global regulations such as HIPAA and GDPR, FDA cybersecurity guidance, and other standards and regulations.

Security Architecture Overview

The system is deployed on AWS behind an AWS Internet Gateway, with perimeter filtering applied to all inbound traffic. Note that an Internet Gateway by itself only routes traffic between the VPC and the internet; the actual filtering is enforced by the VPC's security groups and network ACLs.

All API communication between users, devices and servers is secured with HTTPS (TLS).

Key management uses AWS KMS, whose hardware security modules (HSMs) are FIPS 140-2 validated. Key validation, rotation and revocation are all handled through KMS.

The system exposes two main communication channels:

  • Web services communication: users and API clients.
  • Device communication.

User and API communication is encrypted end to end and is inspected for application-level attacks by a Web Application Firewall (WAF). Only HTTPS is accepted; all other ports are closed.

Device communication is MQTT over mutually authenticated, end-to-end encrypted TLS, routed through AWS IoT Core. No other protocol is accepted on the device channel.

All users and devices are authenticated with X.509 certificates and are authorized through user-specific access control mechanisms.
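The mutual authentication on the device channel, as an added example written for this page (not BioT's own code and not an AWS IoT Core client): a throw-away platform CA, a broker certificate and two device certificates are generated in memory, and a TLS handshake over loopback shows the broker accepting the device enrolled under the platform CA and refusing a device whose certificate chains to a CA the platform never issued. The broker hostname, CA names and device IDs are invented for the example; only the Go standard library is used.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// brokerName is a hypothetical broker hostname for this example, not a real
// BioT or AWS IoT Core endpoint.
const brokerName = "mqtt.example.internal"

// newCert generates a P-256 key and an X.509 certificate for cn. With parent
// nil the result is a self-signed CA; otherwise it is a leaf issued by parent.
func newCert(cn string, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	serial, _ := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 127))
	tmpl := &x509.Certificate{
		SerialNumber: serial, Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, KeyUsage: x509.KeyUsageDigitalSignature,
	}
	issuer, issuerKey := tmpl, key // self-signed unless a parent is given
	if parent == nil {
		tmpl.IsCA = true
		tmpl.KeyUsage |= x509.KeyUsageCertSign
	} else {
		issuer, issuerKey = parent, parentKey
		tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}
		tmpl.DNSNames = []string{cn} // the broker leaf needs its hostname as a SAN
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, issuerKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// tlsCert packs a certificate and its key for use in a tls.Config.
func tlsCert(c *x509.Certificate, k *ecdsa.PrivateKey) tls.Certificate {
	return tls.Certificate{Certificate: [][]byte{c.Raw}, PrivateKey: k, Leaf: c}
}

// mutualTLSHandshake runs one mutually authenticated TLS handshake over loopback
// TCP. The broker requires a device certificate chaining to trust; the device
// pins trust as its only root and checks the broker's hostname. It returns the
// device identity (certificate CN) the broker accepted, or the rejecting error.
func mutualTLSHandshake(broker, device tls.Certificate, trust *x509.CertPool) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	serverCfg := &tls.Config{
		Certificates: []tls.Certificate{broker}, MinVersion: tls.VersionTLS12,
		ClientAuth:   tls.RequireAndVerifyClientCert, // no valid device cert, no session
		ClientCAs:    trust,
	}
	clientCfg := &tls.Config{
		Certificates: []tls.Certificate{device}, MinVersion: tls.VersionTLS12,
		RootCAs:      trust, ServerName: brokerName,
	}
	type outcome struct{ cn string; err error }
	ch := make(chan outcome, 1)
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			ch <- outcome{err: err}
			return
		}
		conn := tls.Server(raw, serverCfg)
		defer conn.Close()
		if err := conn.Handshake(); err != nil {
			ch <- outcome{err: err}
			return
		}
		// RequireAndVerifyClientCert guarantees a verified peer chain here.
		ch <- outcome{cn: conn.ConnectionState().PeerCertificates[0].Subject.CommonName}
	}()
	conn, err := tls.Dial("tcp", ln.Addr().String(), clientCfg)
	if err != nil {
		return "", err // a TLS 1.2 rejection surfaces here; under TLS 1.3 only the broker sees it
	}
	out := <-ch // let the broker finish (or reject) before tearing the socket down
	conn.Close()
	return out.cn, out.err
}

// Demo builds a throw-away platform PKI, then has the broker authenticate a
// device enrolled under the platform CA and a device whose certificate chains
// to a CA the platform never issued (same device name, wrong issuer).
func Demo() (acceptedID string, acceptErr, rejectErr error) {
	platformCA, platformKey := newCert("Example Platform Device CA", nil, nil)
	trust := x509.NewCertPool()
	trust.AddCert(platformCA)
	broker := tlsCert(newCert(brokerName, platformCA, platformKey))
	enrolled := tlsCert(newCert("device-0001", platformCA, platformKey))
	rogueCA, rogueKey := newCert("Rogue CA", nil, nil)
	rogue := tlsCert(newCert("device-0001", rogueCA, rogueKey))
	acceptedID, acceptErr = mutualTLSHandshake(broker, enrolled, trust)
	_, rejectErr = mutualTLSHandshake(broker, rogue, trust)
	return acceptedID, acceptErr, rejectErr
}

func main() {
	id, acceptErr, rejectErr := Demo()
	fmt.Printf("enrolled device: identity=%q err=%v\n", id, acceptErr)
	fmt.Printf("rogue device:    rejected: %v\n", rejectErr)
}
```

The two points worth noting for a real deployment: the device trusts only the platform CA (RootCAs) and checks the broker's hostname, so a spoofed broker is refused just as a rogue device is; and the broker's authorization decision should key on the identity in the verified certificate (here the CN), never on anything the client asserts in the MQTT CONNECT packet. Which side reports the rejection depends on the negotiated TLS version, so a device-side client must not treat a completed handshake as proof that it is authorized.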

All user activity is logged and audited for irregular use.

All data at rest is encrypted with AES-256.