Each HealthVault application proves its identity to HealthVault at run-time using an asymmetric key pair. Those of you who have already gone live will remember having to send the HealthVault team your public key so that it can be stored on the HealthVault
