D4.1 KONFIDO Architecture (Version 1)

This document provides a description of the KONFIDO architecture and how it is being implemented and deployed via a combination of complementary security-enhancing technologies.

This first version gives a detailed description of the KONFIDO architecture and its components, focusing on the interactions among them. The final version, to be delivered at month 24, will be updated with details on the component interfaces.

The presented architecture is based on the requirements specified in the deliverables of WP3 (please refer to the Appendix for additional details). It is modular, and its ultimate goal is to increase trust and security in eHealth data exchange. In particular, the KONFIDO solution is structured as a toolbox composed of different services and tools, which can be combined in order to address a wide range of possible eHealth scenarios and to solve many vulnerabilities in the exchange and processing of health data.

Namely, the toolbox offered by KONFIDO includes: a set of disruptive logging and auditing mechanisms developed in other technology sectors, such as blockchain, and appropriately adapted for the healthcare domain; Physical Unclonable Function (PUF)-based security solutions that are based on photonic technologies; a customized eIDAS implementation; Trusted Execution Environment (TEE), i.e. the new security extensions provided by some of the main CPU vendors; customized extensions of the selected Security Information and Event Management (SIEM) solutions; Homomorphic Encryption (HE) mechanisms; a publish/subscribe communication channel; and a TEE communication channel.

This report begins with the description of a reference scenario, providing basic context information on the eHealth data exchange platform provided by the epSOS project. It then describes the solutions offered by KONFIDO, the KONFIDO deployment architecture in the context of the OpenNCP platform (i.e. the technical implementation of the epSOS project), how the security of OpenNCP data exchange is improved by using KONFIDO, and the interactions between KONFIDO components required to achieve the project scope.