This chapter describes the architecture, security concepts, and administrative functions of the ecrop platform. It covers the core components, data flows, user roles and rights, admin functions, and the underlying compliance mechanisms. This understanding is essential for effective integration, secure usage, and compliance with regulatory requirements when operating the ecrop platform in your company.

System Architecture: Secure, Scalable, and Highly Available

The ecrop platform is based on a multi-layered, cloud-native architecture developed specifically for the high demands of financial institutions dealing with crypto securities and crypto assets. The architecture is modular and uses microservices to ensure maximum flexibility, maintainability, and scalability. The use of a Private Permissioned Blockchain with an integrated Hyperledger Besu Enterprise Layer and Hardware Security Modules (HSMs) ensures the highest security and availability.

  • Frontend: The frontend is the user interface of the ecrop platform. It provides you with intuitive access to all functions of the crypto securities register and crypto custody. The frontend communicates with the backend via a secure API.

  • Backend: The backend contains the business logic and database of the ecrop platform. It processes frontend requests and communicates with the blockchain and external systems.

  • Blockchain: The blockchain is the heart of the ecrop platform. It stores all transactions and registry data securely and transparently. ecrop uses a Private Permissioned Blockchain with an integrated Hyperledger Besu Enterprise Layer.

  • Database: The database stores all off-chain data, such as master data of issuers and crypto securities, as well as transaction details. The database is designed redundantly and operated in the AWS cloud.

  • External Systems: The ecrop platform is integrated with various external systems, such as KYC/AML service providers and payment providers. Communication with external systems occurs via secure interfaces.

User Roles & Rights: Granular Access Control for Maximum Security

ecrop uses a detailed role concept and a granular permission matrix to regulate access to the platform and its functions. This ensures that only authorized users can access sensitive data and perform certain actions. We rely on the Principle of Least Privilege and Role-Based Access Control (RBAC).

  • Role Concept: The role concept defines various user roles with different rights and responsibilities.

  • Permission Matrix: The permission matrix defines access rights for each role to the various functions and data of the platform.

  • User Management: Administrators can create, modify, and delete user accounts and assign roles and permissions.

  • Access Rights: Access rights are regularly reviewed and adjusted as needed to ensure platform security.

Admin Functions: Full Control Over Your Platform

ecrop offers comprehensive admin functions that give you full control over your platform and support compliance with regulatory requirements.

  • Admin Functions and Permissions: Administrators have access to all platform functions and can configure all settings.

  • Platform Management: Administrators can configure, maintain, and monitor the platform, including monitoring system utilization and performance.

  • User Management: Administrators can create, modify, and delete user accounts and assign them roles and permissions.

  • System Configuration: Administrators can configure all system settings, e.g., API limits, security policies, and notifications.

  • Monitoring, Logging, and Reporting: Administrators have access to extensive monitoring, logging, and reporting functions to track and analyze platform activities and ensure compliance with requirements.