Industry Aware Modules
The Hypatia Platform is built on a permissioned Blockchain, and leverages strong crypto to solve the problem of securely sharing sensitive documents and data between competing (but not malicious) entities. The platform utilizes a sophisticated Rules Engine which is configured to support various industries and/or use cases. These Rules, X, Y and Z combined together into what we call an Industry Aware Module.
Our first industry Use Case is License Management for Regulated Gaming. In Regulated Gaming jurisdictions, world-wide, key individuals in companies that supply hardware, software or services to operators, must be individually licensed. The licensing process is extensive and involves people supplying sensitive information to many different regulators. Examples of this information include but is not limited to; Tax returns, Bank statements, Brokerage statements, Passport, Birth certificate, etc. Hypatia securely encrypts all this data and using a sophisticated key exchange system and allows the data to be shared on a need-to-know basis and always with the permissions of the data’s owner. Hypatia’s metadata layer is permissioned but generally available to all participating nodes on the network. This layer is used to search, sort and filter all documents and data.
Applicant Submits Data (1X)
In regulated markets today, it is often the responsibility of an Applicant to submit their data, often highly sensitive, to each of the jurisdictions for which they are applying. Hypatia allows the Applicant to submit their data just one time into the Hypatia Platform. The data is encrypted prior to entering the Platform allowing for Zero Knowledge Privacy. The encrypted data is shared with chosen Regulators only with the permission of the Applicant.
Supported Applications are for Business Entities, Individuals, Software and Hardware. Based on the type of Application and the selected Jurisdictions, Hypatia guides the Applicant through a checklist/questionnaire and allows the individual to securely and privately upload PDF, JPG or PNG.
Third Party Submits Documents & Certificates
Third Party integration is achievable for any Industry Aware Module. There are different types of integrations:
- A 3rd Party User given a Hypatia account – an example could be a private investigator hired by a specific Regulator
- External API – where Hypatia integrates with an external provider via their API. For example, Hypatia integrates in the United States to TransUnion for Credit Report & Monitoring and Question Diagnostics for Drug Screening initiation
- Internal API – where the Third Party integrates with Hypatia’s APIs – as an example, Quest Diagnostics directly provides Drug Screening results
Regulator A Reviews & Approves
Regulator A represents any initial Regulator the Applicant is applying to for a License. When an Applicant initially submits an application they provide the specific Regulator(s) with permission to access their detailed documents. This permission stays in effect until the License is approved or denied, or until the Application is withdrawn by the Applicant.
RegulatorA can add private comments to any of the Applicant’s documents. Additionally, all correspondence between Regulator A and the Applicant is secured and stored within the Hypatia Platform.
As Regulator A “approves” an Applicant’s source documents, metadata is added to the document which is visible to other Regulators associated with the Licensee on the Platform. Regulator A is attesting to the contents of the source document and its validity. Often the metadata alone can be used by other certifying Regulators issuing a License to the Applicant.
Regulator X Asks to Review Data
If Regulator X randomly chooses an Applicant for random credit check, Regulator X can see that Regulator A recently verified same and from the metadata see that the credit score is 740. This may be sufficient for Regulator X. If on the other hand, Regulator X wishes to review the details of the credit report that was provided by Applicant to Regulator A, Regulator X will need to seek permission from the Applicant and Regulator A.
At Least Two Keys to Secure Authorizations
Once an item is approved by a Regulator and has associated metadata, any request to review the associated detailed source document will require authorization from both the Regulator and the Applicant.
Regulator X Inspects, Reviews & Approves
Once Regulator X receives the two approvals necessary to review the detailed source documents, Regulator X can provide their own review and approval. Additional correspondence with the Applicant and their own secure notes will be associated with the source document.
Complete Audit Trail
All actions taken within the Hypatia Platform are put onto the Blockchain making the document history tamperproof and auditable. Audit reports are available within the Platform for Applicants and Regulators alike.
Users on the Hypatia Platform can configure their personal notifications and use the default notification, or add specific notifications on a per document basis – frequency, method of notification, etc. For example, an Applicant can configure Hypatia to
- immediately be notified on their mobile device whenever someone requests permission to view their detailed documents
- receive a weekly e-mail summary of the access to their detailed documents
- receive an immediate e-mail when their license has been approved
Guaranteed Security & Privacy
|Hypatia uses voice login to increase application security with voice biometrics for access to applicant’s private encryption keys. Voice biometrics provides a security layer that prevents unauthorized logins. We protect access to your keys with an additional layer of security that uses a person’s voice to verify their identity and prevent unauthorized access to their encryption keys.|
|Hypatia utilizes a sophisticated key structure to ensure the security and access permissions for any sensitive documents stored on the platform. An Applicant can rest assured that no one can review their source documents without explicit permission and a full audit trail.|
- Fault Tolerant – Hypatia is a completely decentralized system, and only requires a single node to work. Nodes can enter and leave the network at will. The Blockchain is used to maintain consensus among the nodes on the network.
- Secure – Entities in the platform are identified only by an irreversible crypto secure hash. This makes it extremely easy to check an Id, but impossible to reverse engineer it. Each transaction contains the public key of the originator and a digital signature proving its origin.
- Scalable – additional Regulators are added to the Platform with their own nodes, allowing the Platform to horizontally scale.
- Verifiable – Digital signatures are used to verify the source of all documents, comments, correspondence and system access.
- Efficient – The Platform uses Time Series and GraphQL databases for the efficient searching of the metadata associated with each document or answered questions.
- Decentralized – The Blockchain is used to decentralize the Hypatia Platform.
- Non-Repudiation – Transactions recorded on Hypatia Platform are immutable, ordered and auditable.
- Permissioned – Hypatia builds on a private Blockchain and only nodes with authorized credentials may join the network. These credentials are centrally managed by an issuing authority and comprise public and private cryptographic keys.
- Auditable – The data store is a cryptographic hash chain, so any block can be proven to be valid and time ordered.
- Zero Knowledge Privacy – Source documents are encrypted prior to entering the Hypatia Platform using military-grade encryption.
- Easy Integration – Industry standard REST and GraphQL based APIs.
- Tamper Evident – Any attempts to modify data on Hypatia Platform is immediately visible to all nodes in the network.
Hypatia Platform Leverages Blockchain
The Hypatia Platform is built on a decentralized Blockchain and a decentralized storage network. The Blockchain is an immutable ledger that is distributed to all nodes in the Hypatia network. Documents encrypted and stored are also distributed to all storage nodes on the network. This ensures that data can never be lost or tampered with.
The initial Regulator that certifies the paper and digital documents submitted, is known as the Primary Certifying Regulator. It is assumed but not required that other Regulators will trust the Primary Regulator, but Regulators are free to re-certify all and any submitted documents.