Tresorit launches ZeroKit to bring ready-made security to Apple's CareKit

By Jonah Comstock
Share

A company called Tresorit has launched a new SDK called ZeroKit, meant to help developers working on Apple's CareKit platform surmount one of the biggest hurdles to developing healthcare applications: security. ZeroKit launched today and was promoted by Apple in a blog post on the CareKit website.

"We decided that healthcare is the sector that needs this technology the most given the recent data breaches," David Szabo, Tresorit's SVP of platform, told MobiHealthNews in an interview. "So we looked where to invest and so we spoke to Apple, and Apple said that they’re coming out with CareKit for developers. CareKit includes local encryption and a solution for data security on the device, but for managing data in the cloud they rely on developers to solve that problem. This is the gap that ZeroKit fills."

Correction: This story has been updated to clarify that Apple already supported local encryption for CareKit apps.

ZeroKit uses a novel authentication protocol to secure users' login data and passwords. 

"Healthcare apps usually build their own authentication services, which are prone to various ways of hacking user passwords," Szabo said. "There are many open-source frameworks available for app developers to use authentication to register and log-in users and they are all very vulnerable for hacks because they hash passwords and there are at least three really easy ways hash-based password systems can be hacked." 

But beyond guarding against password hacks, ZeroKit puts healthcare developers on a path toward HIPAA compliance by also offering end-to-end encryption of patient data.

"The second part of our service is end-to-end encryption," Szabo said. "We designed the whole system to be able to handle user data and passwords in a way that even the developers will not have access to the data. So developers can store the data but they will never see the contents of the data."

Two healthcare apps, CarePro and DrNearMe, are already using Tresorit's protocols for security. But the company hopes with the CareKit compatibility -- and support from Apple -- they'll be able to make a much bigger splash.

"We see all the data breaches happening," Szabo said. "We read them week by week. And this is our basic mission: to put privacy in the hands of patients so they can decide who to share their data with consciously and they can revoke those permissions if they wish."