Data Security Architecture

Self-Signed Certificates

Because Dermi Atlas Professional runs on a local IP address (e.g., 192.168.x.x) rather than a public domain, it cannot use standard public SSL certificates.

• Generation: Dermi Atlas Manager automatically generates a self-signed certificate specific to your host machine.
• Trust: You must install this certificate on client devices to avoid browser security warnings.
• See: SSL Certificate Setup for HTTPS Access for installation guides.

Firewall Requirements

Dermi Atlas Manager attempts to configure the host computer's firewall automatically.

• Inbound Rules: Must allow TCP traffic on ports 15015, 15045, 15815, and 15845 (or custom ports if defaults are in use).
• Isolation: We recommend running the host computer on a private network, not a guest network.

Access Control & Authentication

User Isolation

Dermi Atlas Professional is designed for multi-user environments but enforces strict data isolation.

• User A cannot access User B’s patients or images.
• Separate database associations ensure logical separation of data.

Authentication Standards

• Password Hashing: Passwords are salted and hashed using industry-standard algorithms (e.g., bcrypt) before storage. Plaintext passwords are never stored.
• Complexity: Enforced requirements (12+ chars, mixed case, numbers, symbols).
• Two-Factor Authentication (2FA): Optional but recommended. Uses Time-based One-Time Passwords (TOTP) compatible with apps like Google Authenticator.

Backup & Integrity

Dermi Atlas Manager includes a built-in backup utility.

• Scope: Backups include the full database, all images, and configuration settings.
• Integrity: Checksums are generated during backup and verified during restoration to ensure data has not been corrupted.
• Format: Proprietary archive format to ensure consistency.

Security Note: Backups are stored on the host computer by default. It is the practice's responsibility to move these backups to a secure, encrypted, off-site location (e.g., an encrypted USB drive or a compliant cloud storage bucket).

Host System Hardening

Because Dermi Atlas Professional relies on the host computer's security, your organization should implement the following "Defense in Depth" measures:

1. Disk Encryption: Enable BitLocker (Windows) or FileVault (macOS) on the host computer to protect data at rest in case of physical theft.
2. OS Updates: Keep the operating system patched to prevent exploit-based attacks.
3. Physical Security: Restrict physical access to the host computer to authorized personnel only.