CGM LIFE is a secure cloud platform to store, share and process medical data (“CGM LIFE Medical Cloud”). CGM LIFE consists of several modules that provide different services for applications. These services comprise health care related catalogs and directories, secure storage of personal medical data, support for communication workflows, and a common infrastructure for secure authentication, logging and rights management.
CGM believes that personal medical data is the most sensitive kind of data imaginable, and that it must be protected at all costs against manipulation, theft or other illegitimate access by third parties. Therefore, CGM LIFE provides enhanced security mechanisms that go far beyond the usual database encryption used for example by online banking solutions and many other, conventional healthcare services. The mechanisms provided by CGM LIFE include individual, client-side encryption of all personal medical data, digital signatures to provide authenticity and integrity guarantees and cryptographic authentication of all users that access medical data.
The client-side encryption of all personal, medical data is a unique property of the CGM LIFE platform that can be summarized as a technical protection from theft, confiscation or manipulation. Sensitive data is encrypted with individual, cryptographic keys that belong to the user in such a way, that the CGM as the system and hosting provider of the stored data, is technically unable to decrypt the data. This property even holds for system administrators of the CGM LIFE servers with full access to all server resources, the CGM LIFE source code (both client and server) as well as the collected knowledge of all CGM LIFE developers.
These security properties come with a cost in respect to implementation complexity, because part of the CGM LIFE business logic can only be executed on unencrypted data and must thus be part of the client application.
In order to ease application development while still ensuring the full level of security, CGM LIFE provides a client software development kit (“SDK”) for all major technology platforms that provides that business logic, handling the necessary authentication and transparent data encryption and decryption for the client. The CGM LIFE SDK is provided for the following platforms:
Java – for desktop clients and native Android Apps
Objective-‐C – for native iOS Apps
.NET – for Windows desktop clients and native Windows Phone applications