NHS Health record support coming very soon. Find out more.
Security deep dive
How digi.me manages not to touch, hold or see data
Authentication
User private key is generated on device only and not stored anywhere
High entropy key derivation functions limit brute force attack viability
Multiple devices may be enrolled for easy recovery
Encryption
Asymmetric and symmetric encryption are used to protect the account and data
High integrity password vaults encrypted with market proven RSA function library, implemented as FIPS compliant 2048-bit, with OAEP padding
File encryption via AES-256 by default with optional AES-128 for low-power devices
API integrity
APIs exposed to public internet access are secured via strict SSL connection requirements, firewall rules, certificate pinning and Swagger API definitions
Transactional design limits potential for denial of service, spoofing and fuzzing attacks
Cloud processing integrity
All cloud processing is context-free and requires data access credentials from an authenticated user app via a secure connection request
Personal data is never stored on any discs and all processing threads are destroyed when complete