Platform Architecture
In this chapter, you will gain detailed insight into the technological foundations of the ecrop platform. We will show you how our innovative architecture, based on state-of-the-art blockchain technology, decentralized validators, and cloud-native infrastructure, meets the requirements of the eWpG and crypto custody regulations while ensuring the highest security standards, scalability, and efficiency. Learn why ecrop is the ideal solution for demanding financial companies.
Platform Architecture: A Foundation for Innovation and Growth
The ecrop platform is based on a modern, multi-layered, and cloud-native architecture specifically developed for the high demands of the crypto securities and crypto custody business. This architecture is divided into different logical layers to ensure a clear separation of responsibilities. Modularity, scalability, and security provide a flexible and robust foundation on which we continuously develop our platform and adapt it to our customers' growing needs. The use of microservices enables high flexibility and maintainability of individual components.

Cloud-native Infrastructure (AWS): We rely on the leading cloud platform Amazon Web Services (AWS) to provide you with the highest standards in availability, scalability, security, and cost efficiency. By using AWS, you benefit from a highly available and high-performance infrastructure, a robust backup strategy with multi-AZ and multi-region functionality, and the ability to use new Availability Zones and regions to minimize the risk of outages and ensure continuous availability of your data. By using Managed Services such as AWS RDS for databases or Amazon S3 for storage, we reduce administrative overhead and optimize resource utilization.
- Highest Availability and Performance: Through the use of AWS, you benefit from a highly available and high-performance infrastructure that ensures smooth operation of your applications. We use multiple Availability Zones and regions to minimize the risk of outages and ensure continuous availability of your data.
- Optimized Resource Usage and Cost Efficiency: By using Managed Services, such as Amazon RDS for databases or Amazon S3 for storage, we reduce administrative overhead and optimize resource utilization. This way, you benefit from a cost-efficient solution that flexibly adapts to your needs.
- Comprehensive Security Mechanisms: AWS offers a wide range of security mechanisms that we use to protect your data from unauthorized access. These include encryption, access controls, firewalls, and intrusion detection/prevention systems.
- Best Practices & Compliance: We follow the best practices of the AWS Well-Architected Framework and the requirements of the BSI IT baseline protection, ensuring that our platform meets the highest requirements for security, performance, reliability, and cost efficiency. We also ensure compliance with all relevant compliance requirements, particularly the eWpG and CryptoAssetTransferV.

Security Architecture: Multi-level Protection for Maximum Security
Security is the top priority at ecrop. We employ a multi-layered security architecture that protects your data at all levels and ensures compliance with the highest security standards.
- Defense-in-Depth Approach: Our multi-layered security approach (Defense-in-Depth) combines various security measures to ensure comprehensive protection against threats. Each layer of the architecture has its own security mechanisms that operate independently.
- Proactive Risk Management: We proactively identify and assess potential security risks and implement appropriate risk mitigation measures. This includes regular risk analyses, security reviews, and penetration tests.
- Zero-Trust Principle: We implement the zero-trust principle, where every access to the platform must be authenticated and authorized, regardless of location or network.
- Continuous Monitoring & Intrusion Detection: Our systems are monitored around the clock to detect attacks and anomalies early. We use state-of-the-art Intrusion Detection/Prevention Systems (IDS/IPS) for this purpose.
- Regular Security Reviews: Independent security experts regularly conduct penetration tests, security audits, and vulnerability scans to verify the effectiveness of our security measures and identify potential vulnerabilities.
- Strict Separation of Environments: The strict separation of development, test, and production environments minimizes the risk of errors or security vulnerabilities moving from development into the production environment.
- ISO 27001 Certification: Our ISO 27001 certification confirms our commitment to information security and compliance with the highest international standards.

Scalability and Performance:
The ecrop platform is designed to flexibly adapt to your growing business requirements. We ensure the highest performance and scalability, even during peak transaction volumes.
- Horizontal Scalability: Thanks to our modern microservices architecture and the use of Kubernetes, we can scale our resources horizontally and thus react to fluctuating loads at any time. This ensures smooth operation of your applications even during high transaction volumes.
- Automatic Scaling (Auto-Scaling): AWS Auto-Scaling automatically adjusts resources to current needs. This ensures optimal resource utilization and minimizes costs.
- Flexible Capacity Adjustment: We proactively plan our capacities and ensure that our platform continues to meet your requirements in the future. You can rely on a dependable and high-performance solution that grows with your company.

- Frontend: The frontend is the user interface of the ecrop platform. It provides you with intuitive access to all functions of the crypto securities register and crypto custody. The frontend communicates with the backend via a secure API.
- Backend: The backend contains the business logic and database of the ecrop platform. It processes frontend requests and communicates with the blockchain and external systems.
- Blockchain: The blockchain is the heart of the ecrop platform. It stores all transactions and registry data securely and transparently. ecrop uses a Private Permissioned Blockchain with integrated Hyperledger Besu Enterprise Layer.
- Database: The database stores all off-chain data, such as master data of issuers and crypto securities, as well as transaction details. The database is redundantly designed and operated in the AWS cloud.
- External Systems: The ecrop platform is integrated with various external systems, such as KYC/AML service providers and payment providers. Communication with external systems occurs via secure interfaces.