Overview

Data Security Primer


It is relatively easy for most software engineers to learn the basics of crypto libraries such as libsodium or OpenSSL and to perform straightforward operations: generating keys, verifying certificates, and signing, verifying, and encrypting data. But complete security solutions become complex quickly and need to address things such as:

  • Configuration Driven Key Generation and Storage

  • Certificate Management

  • Security Layer/Code Abstraction and Patching

  • Security Library Inventory & Version Tracking

  • Vulnerability Tracking and Reporting

Meanwhile, the security landscape has become more hostile. It is no longer adequate to make a perfunctory effort, and the consequences of failure are real. Any team attempting to tackle data security comprehensively now needs to consider the long-term (future-proof) management of an entire workflow and the supporting infrastructure that is required to manage the security of sensitive patient data. Getting all of this right requires an expert team and a significant, ongoing effort (and budget).

MedCrypt helps solve these issues by providing medical software and device security as a service. Our customers can secure their products without needing to reinvent the ‘security wheel’. And by combining scale and an exclusive focus on security, MedCrypt’s solutions are more comprehensive and less expensive than home-brewed solutions. MedCrypt focuses on security so that our customers can focus their resources on clinical features.

By creating a best-of-breed platform and a set of libraries that are easily integrated into large or small medical devices and software, along with testing documentation tailored to satisfy the FDA, MedCrypt is helping to solve these serious cyber-security concerns.

MedCrypt Out of the Box

  • We share our library source code with medical device companies’ engineers

  • The C++ library can be readily cross-compiled to various target hardware (ARM, x86) and to OSes common to medical devices, such as Linux (Yocto, Zynq, QNX), BSDs, Mac OS X, Windows, Android, and iOS

  • The C library can be used on various microcontrollers, such as STM32xx

  • We use popular open source crypto libraries and hardware elements for crypto operations under the hood

  • Customers have the option to completely control their root-of-trust

  • The configuration of the security for various data types is guided by a best practices policy

  • Data security configurations are signed by the root-of-trust

  • Customers have access to a live threat assessment that combines known library vulnerabilities with their deployed assets

  • Device behavior monitoring can detect and report anomalous behavior and alert the vendor