Using NFTs, Ethereum, and AWS to re(DeFiNe) the receivables market

A deep dive into WizKey architecture, leveraging NFTs and decentralized apps to ensure traceability and accountability

In the last decade, blockchain technology evolved quickly from a mere proof of concept, to an enabler of speculative assets, to a mature solution. While cryptocurrencies represent a fancy alternative to gambling, the underlying technology grew to overcome built-in limitations and find meaningful applications. After the initial hype around making everything a decentralized app, many projects failed to reach the market, while others that adopted a more practical approach grew steadily over time.

WizKey DeFiNe (WK) aims to bring back value to the credit market, pushing trust and reliability using the blockchain. Receivables are financial assets usually privately traded between parties. When someone borrows money to buy a good (e.g., a house), the signed contract qualifying this loan represents the most common type of receivable. While the credit market's broad landscape tends to be hard for people without law and finance expertise to understand, we could consider a simple loan portfolio.

Exchanging receivables between parties is an often unregulated process that requires the seller to prepare a description of the portfolio (usually, credits are never traded individually), send it to potential buyers, sign some legal paperwork, open access to the credits' underlying contracts and information (such as mortgage plans or credit notes), then negotiate the price and composition of the portfolio, and finally fulfill the payment and the transfer of receivables to their final destination.

Traditionally, this process has been managed by many legal teams exchanging poorly digitized versions of documents, then preparing legally binding contracts to ensure some level of protection against uncertainty and lack of trust. Often, receivable information is mismanaged and lost during the transaction, leaving the institution unable to trust the data tape it receives with enough confidence about credit rating. Such information asymmetry significantly impacted overall finance operations, acting as a domino effect on financial products built on receivables: its systemic impact became apparent in 2008 with the subprime bonds crisis.

Here comes WizKey DeFiNe, a Software-as-a-Service platform aiming to provide a strong foundation for receivables management with a hybrid on-chain and off-chain approach. Every receivable starts with its qualifying documents: a set of PDFs containing the information that defines the nature of the credit. Additional files are added later, during negotiation.

Within DeFiNe, all the actions are initiated by the WK Client. The client must act as an entry point to the DeFiNe platform.

A screen representing the WizKey client console

The WizKey client orchestrates the three main components of WizKey DeFiNe: WizKey Services, WizKey Node, and the Ethereum blockchain.

WizKey Client Console (WKC)

A cross-device desktop app built with Electron and the React framework, WizKey Client Console (or just "the Console") is a customer-facing application devoted to supporting and orchestrating all receivables management operations within WizKey. A new user follows the configuration wizard to set up a new Ethereum wallet and system credentials. Then, once a user is linked to a specific ETH address, the Console can create new receivable entities and upload documents into a WizKey Node. When a new document is uploaded to the client, its hash is computed and notarized on the Ethereum blockchain; the resulting receipt, the PDF file, and its describing metadata are then sent to the WizKey Node.

Once the qualifying receivable information is provided to the node, a user builds a finalized entity by interacting with an Ethereum smart contract that stores document hashes within an ERC-721 Non-Fungible Token. The token is sent back to the customer's wallet and represents the digitized version of the receivable ownership. Because the Console performs these operations directly against Ethereum, they are accountable and time-certified.

The Console manages all the negotiation steps, allowing interested buyers to explore the proposed receivables, sign an NDA (notarized on the blockchain), and define relevant transaction information through Q&A exchanges notarized on the blockchain.

Finally, when the parties agree on contract finalization, the Console transfers the receivable NFTs to an escrow smart contract that manages the fulfillment operations, notifying the respective WKNs to proceed with the related document transfer. The central WizKey Services maintain the global routing table of node pointers.

WizKey Services (WKS)

The initial step guides the user to configure the client. The user is asked to configure and set up a new identity which consists of an Ethereum wallet handling all the blockchain stuff and the authentication credentials into the global WizKey Services domain.

WizKey Services architecture on AWS, leveraging AWS Secrets Manager and Prometheus/Grafana

WizKey Services offer an API layer exposing the capability to manage a specific domain, adding, authorizing, and revoking credentials. This component comprises Kubernetes microservices deployed on AWS EKS through Neosperience Cloud Services (formerly Mikamai) technology. Every microservice is exposed through Amazon API Gateway and AWS Web Application Firewall to ensure security and scalability. A Keycloak cluster deployment provides identity management to the off-chain services with OAuth2 standard implementation. MongoDB, leveraging a cloud deployment within Mongo Atlas, is the preferred persistence model each microservice uses to store users' identity metadata and WizKey Node instance pointers.

WizKey Node (WKN)

Built with a particular focus on portability, these components provide each customer with dedicated storage for their receivables, with complete control over sensitive document data. This is a focal point within the WizKey platform because it ensures the original data (i.e., PDF documents and security data tapes) is never removed from customer domain boundaries. Even WizKey does not need to be trusted. We never have any information about a receivable, just where it is located: WKS stores the node pointer, but no sensitive data.

Every WKN connects directly to an Ethereum full node to verify receipts and check that the data the client sent is the same data that was hashed on the blockchain. Moreover, throughout all the receivable negotiations, the node validates the operations.
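The receipt check described here and in the Console section (the client hashes and notarizes a document, the node verifies it before storing), as an added example that is not WizKey's code. The in-memory `CHAIN` table stands in for the Ethereum full node, and SHA-256, the receipt fields, and all function names are assumptions.

```python
import hashlib
import hmac

# Constructed stand-in for the Ethereum full node a WizKey Node queries:
# transaction id -> notarized document hash and notarizing address.
CHAIN = {}

def doc_hash(data: bytes) -> str:
    # SHA-256 is an assumption; the article does not name the hash function.
    return hashlib.sha256(data).hexdigest()

def notarize(tx_id: str, data: bytes, sender: str) -> dict:
    """Simulate the Console notarizing a document and building its receipt."""
    CHAIN[tx_id] = {"hash": doc_hash(data), "sender": sender.lower()}
    return {"tx_id": tx_id, "hash": doc_hash(data)}

def verify_upload(receipt: dict, data: bytes, uploader: str):
    """Node-side check before storing a document. Returns (ok, reason)."""
    record = CHAIN.get(receipt.get("tx_id"))
    if record is None:
        return False, "receipt references no known transaction"
    # The receipt is client-supplied, so the on-chain record is the reference.
    if not hmac.compare_digest(doc_hash(data), record["hash"]):
        return False, "document does not match notarized hash"
    if not hmac.compare_digest(str(receipt.get("hash", "")), record["hash"]):
        return False, "receipt hash differs from on-chain hash"
    # The notarizing address must be the one linked to the uploading user.
    if record["sender"] != uploader.lower():
        return False, "notarized by a different address"
    return True, "ok"

# Constructed sample data (not real documents or addresses).
PDF = b"%PDF-1.7 constructed sample loan contract"
ALICE = "0x" + "A1" * 20
OTHER = "0x" + "b2" * 20
RECEIPT = notarize("0xtx01", PDF, ALICE)

if __name__ == "__main__":
    print(verify_upload(RECEIPT, PDF, ALICE))
    print(verify_upload(RECEIPT, PDF + b"\n", ALICE))
    print(verify_upload(RECEIPT, PDF, OTHER))
```

The node recomputes the hash from the bytes it actually received and compares it with the chain record, so a receipt that is valid for a different file, or a valid hash notarized by someone else's wallet, is rejected.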

WizKey Node AWS deployment. Each node is dedicated to a single end customer.

WizKey customers range from banks to financial institutions and run a wide range of different infrastructures. This means WizKey had to choose best-of-breed technology to ensure deployment portability. Nodes come in two deployment flavors: on-premise and managed. In on-premise deployments, equivalent tools like Kong for the API layer and HashiCorp Secrets Manager provide the same feature coverage.

WizKey Node on-premise deployment. Services scalability and high availability are the customer's duties when nodes are deployed on-premise.

In the last few years, Neosperience Cloud Services (formerly Mikamai) built a technology to support Kubernetes deployment, management, and administration through GitOps with support for interchangeable service interfaces. This allows WizKey to manage node rollouts into different cluster configurations. Moreover, a shared, managed Keycloak identity manager ensures users are authorized across different domains.

The complete architectural landscape

WizKey implements a hybrid multi-cloud, on-chain and off-chain architecture to provide functionalities across different deployment choices. The architecture's core component is the Ethereum blockchain, accessed through full nodes backed by Amazon Managed Blockchain or through on-premise node management. Ethereum is the backbone of our transactions and the distributed ledger, ensuring accountability and tamper-proofing. Its involvement goes further, because transferring receivables as NFTs means every operation can be tracked and audited and cannot be undone, and is thus trustworthy and authentic. The choice of a global, worldwide blockchain such as Ethereum is a guarantee that the process is censorship-resistant.

WizKey Nodes, Services, and Client architecture and their relation to the Ethereum blockchain.

WizKey faced several common decentralized application issues in the last three years, such as blockchain throughput, regulatory constraints deployment on layer-2 networks, Ethereum fees, and multi-chain adoption during product development. Many architectural choices had to be made to ensure the best solution while accounting for constraints. We'll present some of them in the following articles, showing how WizKey made this architecture production-ready for its customers.