The technical bit - why this isn't just a pipe dream
Gospel Hub is based on a distributed ledger, the only technology we believe addresses the data security challenges of the future, and the one on which our platform for trusted data has been developed.
The LedgerNodes are the core part of the Gospel Data Platform and form a private, permissioned distributed ledger. Each LedgerNode is a Kubernetes deployment comprising a group of servers, and can be segmented to limit the geographic locations that may hold a copy of data, so that regulatory compliance models can be applied.
Gospel stores structured data and files. Data is secured both in transit and at rest and the most sensitive data can be secured using added access and encryption controls.
The LedgerNodes can be accessed through a simple web-based administration GUI or API.
Consensus on reads and writes
Consensus is a fault-tolerant mechanism used by Distributed Ledger Technology (DLT) to achieve agreement on actions, a single data value or the state of the network. The Gospel Data Platform uses a private, permissioned blockchain architecture in a unique way, performing consensus not only on writes (updates to the data) but also on reads. This means only authorised people can see the right data for the right reason once the network has formed a consensus agreement.
It ensures that we build an entirely trusted environment for an individual's data.
This mechanism keeps a record of all information both written and read, while maintaining data privacy, security and providing total transparency on how the data has been used.
Intelligent contextual access control
Granular access control
In a conventional role-based access control system, users are allocated permissions based on the jobs they need to do or the processes they need to follow.
Gospel’s context-based control takes it a step further by considering the content of the records the user is trying to access, and what the user is doing at the time (the context).
It allows organisations (and their customers) to set significantly more secure and granular permissions, especially where data is flowing between systems or companies.
Logical data views
The intelligent context-based access control, combined with the consensus mechanism, makes it possible to display only derived or tokenised data to a given group of users. It answers the question about the data that the user is attempting to read, rather than providing the data needed to answer the question. For example, an individual might want to prove whether they are over 18 rather than display their date of birth.
Data can also be revoked once the information is viewed or the access request is finished.
Tamper-proof audit trail
All data accesses, including user intent and failed attempts, along with modifications, are logged in an immutable tamper-proof audit trail. Gospel Hub users have full visibility and transparency of all data throughout its entire lifecycle, and providers likewise see a reflection of their updates and accesses for that individual's account. These records can be used as proof of regulatory compliance and in case of any dispute.
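The derived-view idea under "Logical data views" and the audit trail described above can be sketched together. This is an added illustration, not Gospel's code or API: the class, function and field names, the sample record and the policy are all constructed, and a simple SHA-256 hash chain stands in for the ledger.

```python
import hashlib
import json
from datetime import date

GENESIS = "0" * 64  # constructed anchor value for the first entry

class AuditTrail:
    """Append-only log; each entry commits to the hash of the one before it."""
    def __init__(self):
        self.entries = []

    @staticmethod
    def _digest(body):
        return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

    def append(self, user, intent, field, granted):
        prev = self.entries[-1]["hash"] if self.entries else GENESIS
        body = {"user": user, "intent": intent, "field": field, "granted": granted, "prev": prev}
        self.entries.append({**body, "hash": self._digest(body)})

    def verify(self):
        """Return the index of the first broken entry, or -1 if the chain is intact."""
        prev = GENESIS
        for i, e in enumerate(self.entries):
            body = {k: v for k, v in e.items() if k != "hash"}
            if e["prev"] != prev or e["hash"] != self._digest(body):
                return i
            prev = e["hash"]
        return -1

def is_over_18(record, user, intent, allowed_intents, trail, today):
    """Answer the question from the date of birth without disclosing it."""
    granted = intent in allowed_intents.get(user, set())
    trail.append(user, intent, "over_18", granted)  # failed attempts are logged too
    if not granted:
        return None
    dob = record["date_of_birth"]
    age = today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))
    return age >= 18

def demo():
    record = {"name": "A. Sample", "date_of_birth": date(2000, 6, 15)}  # constructed
    allowed = {"retailer": {"age_check"}}                                # constructed policy
    trail, today = AuditTrail(), date(2024, 1, 1)
    ok = is_over_18(record, "retailer", "age_check", allowed, trail, today)
    denied = is_over_18(record, "retailer", "marketing", allowed, trail, today)
    intact = trail.verify()
    trail.entries[1]["granted"] = True   # simulate tampering with the denied attempt
    return ok, denied, intact, trail.verify()
```

A hash chain on its own only makes edits detectable to someone holding a trusted copy of the latest hash; replication across independent nodes is what prevents a wholesale rewrite.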
Gospel’s customisable SDKs are available in several industry-standard languages, enabling quick integration with corporate custom applications. Gospel’s RESTful API enables systems to communicate with the platform to send/receive data.
Notifications and automation
Watchers monitor changes on the LedgerNodes. When certain changes occur in the chain, the watcher can automatically send a custom email notification or make an API call to an external system. This allows external systems to be integrated into the Business Logic Workflow process.
Triggers operate from within the Gospel LedgerNodes, taking actions before or after reading, inserting or updating a record. This component is useful for very complex access controls as detailed conditions can be defined before access is granted. Triggers are also used to implement process automation.
Data ingestion engine
LedgerBridge is Gospel’s ETL (Extract – Transform – Load) module, which saves hours of your time spent on large data migrations. It enables you to move structured data easily, thus eliminating the need to manually map content to the Gospel Data Platform.
The primary utility that makes this possible is the Gospel LedgerBridge Connector which supports importing content from external data repositories in the CSV, XML, JSON, database and flat file formats.
True cryptographic trust
Enterprise-grade encryption and hashing for secure data in transit and at rest.
Industry-standard symmetric key cryptography (AES) and public-key cryptography (Elliptic Curve) are used to encrypt data.
Gospel Technology provides a solid, scalable certificate authority to handle user logins seamlessly, integrating with the sources of identity (Active Directory, LDAP, Okta, Google Apps, etc.) and additional factors (multi-factor authentication) used in other systems. It connects to a PKCS#11-compliant Hardware Security Module (HSM).
The digital certificate verifies the authenticity of the user (verifies that the user is who they claim to be) and authorises access to the system (verifies their role and permissions).
Practical Byzantine Fault Tolerance (pBFT)
Efficient network communication along with a secure consensus mechanism is implemented using a Practical Byzantine Fault Tolerance (pBFT) algorithm.
Using the pBFT mechanism:
- All participants (LedgerNodes) in the Gospel network reach a consensus to verify and process an action (for instance, during the verification and validation of transactions).
- All actions in the network are carried out securely and by agreement.
- The network can continue operating even if some nodes fail or act maliciously.
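The fault-tolerance claim in the list above, applied to the "consensus on reads" idea from earlier on the page, comes down to quorum arithmetic. The following is an added illustration and not Gospel's implementation: it models only the vote-counting step of a pBFT-style decision (not the signed multi-phase message exchange), and the node behaviours, policy and function names are constructed.

```python
from collections import Counter

def max_faulty(n):
    """Largest number of faulty nodes f that n nodes tolerate (n >= 3f + 1)."""
    return (n - 1) // 3

def quorum(n):
    """Matching votes needed so any two quorums share at least one honest node."""
    return (n + max_faulty(n)) // 2 + 1

def node_vote(behaviour, policy, user, field):
    """One node's answer to a read request; behaviours are constructed for the demo."""
    if behaviour == "crashed":
        return None                      # no reply at all
    if behaviour == "lies_allow":
        return "allow"                   # compromised node ignores the policy
    return "allow" if field in policy.get(user, set()) else "deny"

def consensus_read(behaviours, policy, user, field):
    """Release a decision only when a quorum of nodes agrees on it."""
    votes = [node_vote(b, policy, user, field) for b in behaviours]
    tally = Counter(v for v in votes if v is not None)
    for decision, count in tally.items():
        if count >= quorum(len(behaviours)):
            return decision
    return None                          # no quorum: nothing is released

POLICY = {"clinician": {"blood_type"}}   # constructed sample policy

def demo():
    one_liar = ["honest", "honest", "honest", "lies_allow"]
    too_many = ["honest", "honest", "crashed", "lies_allow"]
    return (
        consensus_read(one_liar, POLICY, "clinician", "blood_type"),  # 'allow'
        consensus_read(one_liar, POLICY, "clinician", "address"),     # 'deny'
        consensus_read(too_many, POLICY, "clinician", "address"),     # None
    )
```

With four nodes one fault is tolerated: a single compromised node cannot force an unauthorised read, and once faults exceed that bound the request fails closed rather than being released.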