CLOUD AND BLOCKCHAIN PROVIDE SCALABILITY AND RELIABILITY TO HYBRID ON-CHAIN AND OFF-CHAIN APPLICATIONS
Using NFTs, Ethereum, and AWS to re(DeFiNe) the receivables market
A deep dive into WizKey architecture, leveraging NFTs and decentralized apps to ensure traceability and accountability
In the last decade, blockchain technology evolved from a mere proof of concept to a speculative asset enabler to a mature solution in a very short timespan. While cryptocurrencies represent a fancy alternative to gambling, the underlying technology grew to overcome built-in limitations and find meaningful applications. After an initial growing hype into making everything a decentralized app, many projects failed to reach the market, while others adopting a more practical approach steadily grew time over time.
WizKey DeFiNe (WK) aims to bring back value to the credit market, pushing trust and reliability using the blockchain. Receivables are financial assets usually privately traded between parties. When someone borrows money to buy a good (i.e., a house), the signed contract qualifying this loan represents the most common type of receivable. While the credit market's wide landscape tends to be really hard to understand by people without law and finance expertise, we could consider a simple loan portfolio for our purposes.
Exchanging receivables between parties is an often unregulated process that requires the seller to prepare a description of the portfolio (usually, credits are never traded individually), send it to potential buyers, sign some legal paperwork, open access to credit underlying contracts, and information (such as mortgage plans or credit notes), then negotiate the price and composition of the portfolio and finally fulfill the payment and the transaction of receivables to their final destination.
Traditionally this process has been managed with many legal teams, exchanging poorly digitalized versions of documents, then preparing legally binding contracts to ensure some level of protection against uncertainty and lack of trust. Often, receivable information is mismanaged and lost during the transaction, making the institute unable to trust the data tape they receive with enough confidence about credit rating. Such information asymmetry significantly impacted overall finance operations, acting as a domino effect on financial products built on receivables: its systemic impact became clear in 2008 with the subprime bonds crisis.
Here comes WizKey DeFiNe, a Software-as-a-Service platform aiming to provide a strong foundation for receivables management with a hybrid on-chain and off-chain approach. Every receivable starts with its qualifying documents: a set of PDFs containing the information shaping credit nature. Additional files are added at a later time during negotiation.
Within DeFiNe, all the actions are initiated by the WK Client. Client duty is to act as an entry point to the DeFiNe platform.
The WizKey client orchestrates the three main components of WizKey Define: WizKey Services, WizKey Node, and Ethereum blockchain.
WizKey Client Console (WKC)
A cross-device desktop app built with Electron and React framework, WizKey Client Console (or just “the Console”) is a customer-facing application devoted to support and orchestrate all receivables management operations within WizKey. A new user follows the configuration wizard to set up a new ethereum wallet and system credentials. Then, once a user is linked to a specific eth address, the Console can create new receivable entities and upload documents into a WizKey Node. When a new document is uploaded to the client, its hash is computed and notarized on the ethereum blockchain, then its receipt and the PDF file and describing metadata are sent to the WizKeyNode.
Once the receivable qualifying information is provided to the node, a user builds a finalized entity, interacting with an ethereum smart contract that stores document hashes within an ERC-721 Non-Fungible-Token, sent back to the customer’s wallet, representing the digitized version of the receivable ownership. Having these operations performed directly by the console interaction with ethereum ensures them being accountable and time certified.
All the negotiation steps are managed through the Console, allowing interested buyers to explore the proposed receivables, sign an NDA agreement (which is notarized on the blockchain as well), and define relevant transaction information through the Q&A blockchain notarized information.
Finally, when the parties agree on proceeding with contract finalization, the Console transfers receivable NFTs to an escrow smart contract that manages fulfilling operations, then notifying their relative WKNs to proceed to related document transfer. The central WizKey Services globally maintain the nodes routing pointers table.
WizKey Services (WKS)
The initial step guides the user to configure the client. The user is asked to configure and set up a new identity which consists of an Ethereum wallet handling all the blockchain stuff and the authentication credentials into the global WizKey Services domain.
WizKey Services offer an API-layer exposing the capability to manage a specific domain, adding, authorizing, and revoking credentials. This component is made of a set of Kubernetes microservices deployed on AWS EKS through Neosperience Cloud Services (formerly Mikamai) technology. Every microservice is exposed through Amazon API Gateway and AWS Web Application Firewall to ensure security and scalability. A Keycloak cluster deployment provides identity management to the off-chain services, with OAuth2 standard implementation. MongoDB, leveraging a cloud deployment within Mongo Atlas, is the preferred persistence model each microservice uses to store user’s identity metadata and WizKey Node instance pointers.
WizKey Node (WKN)
Built with a special focus on portability, these components provide each customer-dedicated storage for their receivable, with complete control over sensible document data. This is a focal point within the WizKey platform because it ensures the original data (i.e., PDF documents and security data tapes) is never moved out from customer domain boundaries. Even WizKey does not need to be trusted. We never have any information related to a receivable, just where it is located, storing node pointer within WKS, but any sensitive data.
Every WKN directly connects to an ethereum full node to verify receipts and check the client sent the same data hashed on the blockchain. Moreover, throughout all the receivable negotiations, the node manages to validate the operations.
WizKey customers range from banks to financial institutions and present a range of possible different infrastructures. This means WizKey had to choose the best-of-breed technology to ensure deployment portability. Nodes came in two deployment flavors: on-premise and managed. Same feature coverage is provided by equivalent on-prem tools such as Kong for API layer and Hashicorp Secrets Manager.
In the last few years, Neosperience Cloud Services (formerly Mikamai) built a technology that can support Kubernetes deployment, management, and administration through GitOps with support for interchangeable services interfaces. This allows WizKey to manage node rollouts into different cluster configurations. Moreover, a shared, managed Keycloak identity manager ensures users being authorized across different domains.
The complete architecture landscape
WizKey implements a hybrid multi-cloud and on-chain off-chain architecture to provide its functionalities across different deployment choices. The architecture's core component is represented by the Ethereum blockchain, handled through Amazon Managed Blockchain baked full nodes or on-premise node management. Ethereum is the backbone of our transactions and the distributed ledger, ensuring accountability and tamper-proofing. Still, its involvement goes further because transferring receivables as NFTs means every operation can be tracked, audited, and is non-undoable, thus certain and authentic. The choice of a global, worldwide blockchain such as Ethereum represents a guarantee the process is censorship-resistant.
In the last three years, WizKey faced several common decentralized application issues such as blockchain throughput, regulatory constraints deployment on layer-2 networks, ethereum fees, and multi-chain adoption during product development. Many architectural choices had to be made to ensure the best solution while accounting for constraints. We’ll present some of them in the next articles, showing how WizKey managed to make this architecture production-ready for its customers.
My name is Luca Bianchi. I am AWS Serverless Hero and Chief Technology Officer at Neosperience and WizKey. I have built software architectures for production workload at scale on AWS for nearly a decade.
WizKey DeFiNe is the platform that radically improves the receivables’ market, cutting down operational costs and maximizing the value of any portfolio.
Neosperience Cloud Services (formerly Mikamai) is the Neosperience professional services business unit, helping customers adopt innovative technologies such as machine learning and blockchain fast with a cloud-native approach. Active since 2010, our company is your preferred partner to achieve the best results in your next project.
Top comments (0)