This article describes the authentication, authorisation and security of Black Pear's eSP app.
eSP uses Black Pear's BP Auth service (https://auth.blackpear.com) to authenticate users.
Users are authenticated using a unique user identity (their email address) in conjunction with a password.
Credentials cannot be used for authentication until the user has verified their identity and set a strong password. Password strength is checked using Dropbox's zxcvbn library and only passwords that are estimated to take more than 10^10 attempts to guess are allowed.
Passwords will expire after 90 days and a new password must be chosen; this cannot be one of the previous 12 passwords used. If users forget their password then they can simply and easily request a reset link to be sent by email; this allows them to choose a new password:
Apps running in Black Pear's Pyrusium browser synchronise credentials with the linked clinical system so that users are automatically logged into the app, provided that they have logged into the clinical system. For security reasons, BP Auth credentials will need to be reentered every 14 days.
Passwords are salted and hashed using an NHS approved algorithm before being stored in a secure database managed by Black Pear.
eSP authorises users by using Black Pear's Warden service (https://warden.blackpear.com) to provide robust, token-based authorisation.
Service administrators can assign a role to each user within each eSP service. Users may have different roles on different eSP services.
Role based access control (RBAC) is used to control users' access to system functions within the app and data within services. Users cannot access any system functions or data without having first authenticated and selected their role.
eSP plans are stored in a service-specific Mongo DB replica-set located in an N3-connected data centre provided by AIMES Grid Services, an NHS Digital approved N3 aggregator with IGSoC. Black Pear's processes satisfy the requirements of IGToolkit v13.
All data are encrypted at rest using disk-level encryption with approved cryptographic algorithms (AES-256) and only authenticated access is permitted. Data are encrypted in transit using TLS with approved cryptographic algorithms (AES-256). Data are backed up to a geographically separate location every 24 hours.
Audit logs record all access to the eSP services and, in addition, local audit logs record all use of the eSP app within Pyrusium. Audit logs are retained for the duration of the service contract and returned to the data controller at the end of the contract.
eSP authentication, authorisation and security combines industry best practices with relevant NHS requirements including:
- IG Requirements for GP Systems V4
- Password Policy for Non-Spine Connected Applications GPG
- Approved Cryptographic Algorithms GPG
Source code for service authorisation using JWT and HL7 FHIR is published online at: