identitii Serra

identitii Serra is a permissioned, append-only, federated database built for the financial industry. Leveraging the best parts of blockchain, relational and graph databases, it enables the secure and auditable exchange of information between financial institutions.


identitii Serra™ is a microservices-based application that is designed from the ground up to be secure, performant and resilient. It leverages state-of-the-art storage and transmission techniques to create a secure, permissioned information exchange layer on top of legacy customer and payment systems.

The link between these legacy systems and identitii’s information layer is the identitii Token, a string of letters and numbers that acts as a unique identifier for information elements registered on the network. While the identitii Token is designed to be exchangeable as a string, the information content it refers to remains private and anonymous unless it is explicitly shared with a counterparty.

identitii Serra™ allows financial institutions to make supporting documents, transaction information, and KYC information available to trusted counterparties in multi-party transactions in the specific situations where they are required.

How identitii Serra Works

1. Connect your operational databases to Serra

Your operational databases are connected to Serra via RESTful APIs and mapped to identitii data schemas to enable data exchange. Serra has numerous integration options to match the ideal implementation for your business situation.

2. Implement robust and configurable policies for information exchange

Define detailed policies for information exchange with identitii’s robust permissions model. In identitii’s system, all information remains private unless an affirmative permission is explicitly granted to a trusted counterparty. identitii’s system maintains an active record of the granting and revocation of every permission.

3. Track and manage transaction information with identitii tokens

identitii’s tokens link identitii’s information layer with your existing platforms. identitii tokens are globally unique identifiers issued through distributed consensus. Tokens can track transactions and information exchange across internal systems, as well as between financial institutions.

identitii tokens power track and trace

identitii tokens are globally unique identifiers that have been generated by a contract on the distributed ledger. These tokens flow within existing payment network messages, and link legacy payment messages with the rich information stored in the identitii layer.

identitii tokens:
a) provide a pointer to the record of transaction information: identitii tokens can flow freely within legacy and new payment networks, allowing institutions to link a transaction to the rich information accessible via Serra. identitii’s technology can be integrated without requiring changes to the operation of existing systems.
b) enable track-and-trace functionality: identitii tokens allow a financial institution to track and trace a transaction both within their organisation and through a payment chain.
c) consolidate references from transaction processing systems, document collection channels, and customer engagement platforms. This facilitates the processing of transactions that may rely on information available from multiple sources.

Serra solves industry pain points driven by lack of information

identitii has developed several modules that extend Serra’s core to directly address different challenges faced by the financial industry. These range from document collection, review and exchange for Trade transactions, to regulatory compliance in cross-border payments.


Financial Crime Compliance & Payment Operations

Dramatically reduce disposition times for L1 and L2 sanctions and AML investigations by securely exchanging secondary identifiers and documentation with correspondent banks.

e-Invoicing, Receivables & Payables

Provide enhanced receivables management functionality to your corporate customers, by offering a streamlined experience for the exchange and processing of invoices between corporates and vendors.

Transaction Documentation Collection

Reduce transaction processing time and documentary discrepancies by electronically exchanging documents with corporate customers, while preserving an auditable transaction record that demonstrates document provenance.

Features & Benefits

Features Benefits

Built to scale – Built on Go with the latest system architecture principles

Serra boasts a lean application stack which minimises the IT cost required to scale.

Forwards compatible – Compatible with future distributed ledger networks and encryption mechanisms

Blockchain is an evolving technology. Serra is designed to ensure continuity of the information system even if the blockchain component is ported to a new standard.

Distributed public key infrastructure implemented through DLT eliminates the need for central authority

Serra’s information system is truly distributed, and does not depend on a central trusted authority.

Security in depth – encryption in-flight and at-rest ensures data privacy

Serra uses industry-standard encryption mechanisms to ensure security of information both in-flight and at-rest.

Flexible deployment model – fully on-premises or hybrid private cloud. identitii can provide Terraform scripts to automate provisioning of cloud infrastructure (AWS, Azure and Bluemix supported)

Wherever your organisation is on the journey to cloud, Serra can accommodate it.

Enterprise software connectors

Avoid large customisation costs by leveraging our pre-built enterprise data connectors (See compatibility stack)

Microservices architecture – security at the application layer

Leveraging HTTPS and SMTP, inter-bank communication does not require bespoke network integration as data is encrypted at the application layer.

Serra has 8 Core Components

User Interfaces

Provides user interfaces to bank officers and customers. Includes our timeline view that allows an officer to quickly view all the events and information associated with a transaction.

Connectors

Bridges external systems to the Serra core. Examples include SAP, Oracle, IMAP, and SAA.

APIs

Internal and external facing APIs provide a simple interface to Serra. identitii provides a Java SDK with examples to ease integration.

Converters

Converts data between various formats, for example SWIFT RJE to ISO20022.

Interchange

Interchange provides the interface for third parties and affiliates to request and provide enriched information about transactions. Further, it governs the exchange of information with third parties, for example mapping SWIFT BICs to their blockchain identities and verifying their role in a payment chain.

Permissioned Data Store

Append-only data store that stores metadata and document payloads. This component connects to existing on-site databases (such as Oracle, FileNet), ensures only permitted users are provided with data, and stores an audit trail in the DLT.

Distributed Ledger

A blockchain that stores the token database, the audit trail of information and exchanges, and the identities of participants on the network. Importantly, no human-readable information is stored on the blockchain; instead, the audit trail acts as a companion to the source information stored in the Permissioned Data Store to provide an immutable, verifiable audit trail.

Serra is built to be secure from the ground up

identitii combines application design, the latest encryption standards, and distributed ledger technology to provide security-in-depth across a truly distributed information network.

1. Sensitive information is stored on-premises using traditional database security best practices. identitii has connectors to modern enterprise databases such as Oracle, MSSQL and FileNet.

2. All information is associated with an identitii token, which acts as a globally unique reference for the transaction.

3. The information is used to create a signed hash, a cryptographic string that proves the holder of the private key used to sign it had this information at a point in time. This signed hash is placed on the blockchain, and the transaction ID associated with the ledger entry is stored against the data. The transaction ID can be used to prove at what point in time this information was held.

4. The public key is stored on the DLT in an identity tree, a data structure that allows the sending party to encrypt information so that it can only be read by the recipient, and allows the recipient to verify the signature of the sender to ensure it was sent by that organisation. This distributed PKI is robust enough to allow revocations but still hold the history of authorisation.
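The signed-hash check from steps 3 and 4, as an added example that is not identitii's code: the document stays off-chain, only a signature over its digest is recorded, and a counterparty verifies the record against the key it trusts for the sender. SHA-256, Ed25519, the field names and the sample token and transaction ID are assumptions; the page does not name the algorithms Serra uses.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"fmt"
)

// Container holds the fields the page lists for the data container.
// Names and algorithms (SHA-256, Ed25519) are assumptions for illustration.
type Container struct {
	Token      string            // identitii token (sample value is constructed)
	TxID       string            // DLT transaction ID (placeholder)
	PublicKey  ed25519.PublicKey // signer's public key, as published on the DLT
	SignedHash []byte            // signature over the digest, placed on the ledger
}

// digest binds the token to the document so a signature cannot be reused for another token.
func digest(token string, doc []byte) []byte {
	h := sha256.New()
	h.Write([]byte(token))
	h.Write([]byte{0}) // separator between token and document bytes
	h.Write(doc)
	return h.Sum(nil)
}

// Seal signs the digest of a document that itself stays on-premises.
func Seal(priv ed25519.PrivateKey, token, txID string, doc []byte) Container {
	pub := priv.Public().(ed25519.PublicKey)
	return Container{Token: token, TxID: txID, PublicKey: pub, SignedHash: ed25519.Sign(priv, digest(token, doc))}
}

// Verify checks the record against the key the verifier trusts for the sender, not the key in the record.
func Verify(c Container, trusted ed25519.PublicKey, doc []byte) bool {
	return bytes.Equal(c.PublicKey, trusted) && ed25519.Verify(trusted, digest(c.Token, doc), c.SignedHash)
}

// demo returns: genuine document accepted, tampered document accepted, record accepted under another key.
func demo() (bool, bool, bool) {
	pub, priv, _ := ed25519.GenerateKey(nil) // nil selects crypto/rand
	other, _, _ := ed25519.GenerateKey(nil)
	doc := []byte("passport scan bytes (constructed sample)")
	c := Seal(priv, "TOKEN-EXAMPLE-0001", "TXID-PLACEHOLDER", doc)
	return Verify(c, pub, doc), Verify(c, pub, append(doc, '!')), Verify(c, other, doc)
}

func main() {
	fmt.Println(demo()) // true false false
}
```

The signature alone proves possession of the document by the key holder; the point-in-time claim in step 3 comes from the ledger entry the transaction ID refers to, which this sketch does not model.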

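identitii Data Container

[Figure: the identitii Data Container, with a legend distinguishing elements stored on-chain from elements stored on-premises. Elements shown: signed hash of information; financial institution public key; DLT transaction ID; identitii token; sensitive information (passport, contract, etc.).]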

Architecture

Compatibility & Technical Stack

Oracle Enterprise Edition 11g, 12c
IBM MQ 7.5, 8, 9
RedHat Enterprise Linux 7.2
PostgreSQL 9.6

identitii Product

APPLICATION

Reference Implementation

GO 1.8 HYDRA 0.7.7 GRAFANA 4.2

MIDDLEWARE

Reference Implementation

Messaging: Rabbit MQ 3.6.6

Custom implementation

Messaging: We can support any middleware using AMQP 0.9 or 1.0. – WMQ 7.5, 8 and 9.01

PERSISTENCE

Reference Implementation

DB: SQL Server 2016, PostgreSQL, Oracle 11g – 12c

File: POSIX File System, FileNet in development

Metrics: InfluxDB version 1.2.1

Custom implementation

DB: Require dedicated DB but can be on shared infrastructure (e.g. DB on shared SQL Server instance, DB on Oracle Grid)

File: other options require analysis

Metrics: could feed events into Bank interface – e.g. via webservices, messaging protocols

DISTRIBUTED LEDGER

Reference Implementation

Ethereum v4

OPERATING SYSTEM

Operating System

Ubuntu Server 16.04.2 LTS on Red Hat Enterprise Linux (RHEL) 6.7 and 7.2

Architecture

x86 (64-bit)

RAM

8 GB

CPU

4 Cores

Disk Storage

256 GB

Number of units

4-6 depending on volume to cover high availability, failover and disaster recovery

Sample Reference Implementation 1

CUSTOMER UI VM: HYDRA 0.7.7; identitii Executables (GO 1.8); RABBIT MQ 9; MQ Manager; REDHAT 7.2; 64-bit / 4 CPUs / 8 GB

BANK OP UI: HYDRA 0.7.7; GRAFANA 4.2; identitii Executables (GO 1.8); RABBIT MQ 9; MQ Manager; REDHAT 7.2; 64-bit / 4 CPUs / 8 GB

CORE COMP VM: INFLUX DB 1.2.1; PostgreSQL 9.6.3; identitii Executables (GO 1.8); RABBIT MQ 9; MQ Manager; REDHAT 7.2; 64-bit / 4 CPUs / 8 GB

ETHEREUM VM: ETHEREUM V4; REDHAT 7.2; 64-bit / 4 CPUs / 8 GB

Sample Reference Implementation 2

CUSTOMER UI VM: HYDRA 0.7.7; identitii Executables (GO 1.8); IBM WMQ 9; MQ Manager; REDHAT 7.2; 64-bit / 4 CPUs / 8 GB

BANK OP UI: HYDRA 0.7.7; GRAFANA 4.2; identitii Executables (GO 1.8); IBM WMQ 9; MQ Manager; REDHAT 7.2; 64-bit / 4 CPUs / 8 GB

CORE COMP VM: INFLUX DB 1.2.1; ORACLE 12c; identitii Executables (GO 1.8); IBM WMQ 9; MQ Manager; REDHAT 7.2; 64-bit / 4 CPUs / 8 GB

ETHEREUM VM: ETHEREUM V4; REDHAT 7.2; 64-bit / 4 CPUs / 8 GB

The sizing of VMs (CPUs, RAM, Storage, SAN attachments) should be tweaked once business activity has been estimated.
