Take control of your shared data


Distributed ledger

Gospel LedgerNodes

Distributed Ledger Technology (DLT) is the only technology that addresses these data security challenges, and it is the foundation on which our platform for trusted data has been developed.

The LedgerNodes are the core part of the Gospel Data Platform and form a private, permissioned distributed ledger. Each LedgerNode is a Kubernetes deployment composed of a group of servers, and LedgerNodes can be segmented to limit the geographic locations that can hold a copy of data, so that regulatory compliance models can be applied.

Gospel stores structured data and files. Data is secured both in transit and at rest and the most sensitive data can be secured using added access and encryption controls.

The LedgerNodes can be accessed through a simple web-based administration GUI or API.

Consent management

Consensus on reads and writes

Consensus is a fault-tolerant mechanism used by DLT to achieve agreement on an action, a single data value or the state of the network. The Gospel Data Platform uses a private, permissioned distributed ledger in a unique way, performing consensus not only on writes (updates to the data) but also on reads. This means only authorised people can see the right data for the right reason once the network has formed a consensus agreement.

It ensures that you have an entirely trusted environment for your data.

This mechanism keeps a record of all information both written and read, while maintaining data privacy, security and providing total transparency on how the data has been used.

Intelligent contextual access control

Granular access control

In a conventional role-based access control system, users are allocated permissions based on the jobs they need to do or the processes they need to follow.

Gospel’s context-based control takes it a step further by considering the content of the records the user is trying to access, and what the user is doing at the time (the context).

It allows organisations to set significantly more secure and granular permissions, especially where data is flowing between systems or companies.

Logical data views

The intelligent context-based access control, combined with the consensus mechanism, makes it possible to display only derived or tokenised data to a given group of users. It answers the question the user is asking about the data, rather than providing the data needed to answer that question. For example, we might want to show whether someone is over 18 rather than their date of birth.

Data can also be revoked once the information is viewed or the project is finished.
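The following sketch illustrates the two ideas above, a context-based permission check and a derived view that answers "is over 18" without releasing the date of birth. It is an added example, not Gospel's code or API; the record, the field names, the `POLICY` table and the `answer` function are all assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Constructed sample record; the field names are assumptions for this example.
RECORDS = {"cust-17": {"name": "A. Example", "date_of_birth": date(2001, 5, 14)}}

@dataclass
class Request:
    user: str
    role: str
    purpose: str      # the stated intention, i.e. the context of the access
    record_id: str
    question: str     # name of a derived view, never a raw field

def age_on(dob, today):
    """Whole years between dob and today."""
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

# Derived views: each answers one question without exposing the source field.
VIEWS = {"is_over_18": lambda rec, today: age_on(rec["date_of_birth"], today) >= 18}

# Hypothetical policy: (role, purpose) -> derived views that context may ask for.
POLICY = {("retail_partner", "age_verification"): {"is_over_18"}}

AUDIT = []  # every attempt is recorded with its intention, including denials

def answer(req, today):
    """Return the derived answer if role AND purpose permit it; log either way."""
    allowed = req.question in POLICY.get((req.role, req.purpose), set())
    known = req.record_id in RECORDS and req.question in VIEWS
    granted = allowed and known
    AUDIT.append({"user": req.user, "purpose": req.purpose,
                  "record": req.record_id, "question": req.question,
                  "granted": granted})
    if not granted:
        raise PermissionError(f"{req.user}: '{req.question}' denied for '{req.purpose}'")
    return VIEWS[req.question](RECORDS[req.record_id], today)

if __name__ == "__main__":
    ok = Request("pat", "retail_partner", "age_verification", "cust-17", "is_over_18")
    print(answer(ok, date(2024, 1, 1)))          # derived answer only
    try:                                         # same role, different purpose
        answer(Request("pat", "retail_partner", "marketing", "cust-17", "is_over_18"),
               date(2024, 1, 1))
    except PermissionError as exc:
        print("denied:", exc)
    print(AUDIT)
```

The caller never receives `date_of_birth`: the only values that leave `answer` are the boolean results of the views the policy names for that role and purpose.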

Tamper-proof audit trail

All data accesses, including user intention and failed attempts, along with modifications are logged in an immutable tamper-proof audit trail. Organisations have full visibility and transparency of all data throughout its entire lifecycle. These records can be used as proof of regulatory compliance and in case of any dispute.

API/SDK support

Gospel’s customisable SDKs are available in several industry-standard languages, enabling quick integration with corporate custom applications. Gospel’s RESTful API enables systems to communicate with the platform to send/receive data.

Notifications and automation

Watchers

Watchers monitor changes on the LedgerNodes. When certain changes occur in the chain, the watcher can automatically send a custom email notification or make an API call to an external system. This allows external systems to be integrated into the Business Logic Workflow process.

Triggers

Triggers operate from within the Gospel LedgerNodes, taking actions before or after reading, inserting or updating a record. This component is useful for very complex access controls as detailed conditions can be defined before access is granted. Triggers are also used to implement process automation.

Data ingestion engine

LedgerBridge

LedgerBridge is Gospel’s ETL (Extract – Transform – Load) module, which saves hours of your time spent on large data migrations. It enables you to move structured data easily, eliminating the need to manually map content to the Gospel Data Platform.
The primary utility that makes this possible is the Gospel LedgerBridge Connector, which supports importing content from external data repositories in CSV, XML, JSON, database and flat file formats.

True cryptographic trust

Enterprise-grade encryption and hashing for secure data in transit and at rest.
Industry-standard symmetric key cryptography (AES) and public-key cryptography (Elliptic Curve) are used to encrypt data.

Certificate authority

Gospel Technology provides a solid, scalable certificate authority to handle user logins seamlessly, integrating with the sources of identity (Active Directory, LDAP, Okta, Google Apps, etc.) and additional factors (multi-factor authentication) used in other systems. It connects to the PKCS#11-compliant Hardware Security Module (HSM).

The digital certificate verifies the authenticity of the user (verifies that the user is who they claim to be) and authorises access to the system (verifies their role and permissions).

Practical Byzantine Fault Tolerance (pBFT)

Efficient network communication along with a secure consensus mechanism is implemented using the Practical Byzantine Fault Tolerance (pBFT) algorithm.

Using the pBFT mechanism:

  • All participants (LedgerNodes) in the Gospel network reach a consensus to verify and process an action (for instance, during the verification and validation of transactions).
  • All actions in the network are carried out securely and by agreement.
  • The network can continue operating even if some nodes fail or act maliciously.