GM-X ERP for Blockchain is the first solution of its kind to enhance mutual trust and security among trading partners by incorporating proven blockchain and encryption technologies.
As enterprises face increasing pressure to gain competitive advantages through enhanced business-to-business collaboration, the rapidly accelerating incidence of catastrophic security breaches affecting enterprises of all sizes across all industries is drawing urgent attention to the security vulnerabilities of existing IT infrastructure and applications. As these attacks grow ever more frequent and sophisticated, “hardening” existing systems has become a never-ending, costly and ultimately futile effort. Businesses and consumers no longer trust the patchwork approach to adequately protect their information assets.
Blockchain, a disruptive technology which has emerged only within the past decade, is one of the most heavily tested and secured technologies in the world. Its core technology is now as provably secure as it is possible for anything to be.
Traditional centralized systems and databases are vulnerable to data corruption as well as data theft risks. That's because anyone with sufficient credentials can alter the contents of a database without leaving a trace. Blockchain technology makes this impossible.
Geoprise Technologies is the first software house in the world to step forward with a pragmatic solution to leverage this new technology for the benefit of supply chains, which are the core focus of most ERP systems.
What is blockchain technology?
Blockchain technology makes shared information permanent, tamper-proof and verifiable.
A blockchain is a continuously growing electronic ledger made up of groups of transactions called ‘blocks’, which are linked like a ‘chain’ and cryptographically secured. Each block contains transactions, a timestamp and a pointer linking it to a previous block, and is inherently resistant to modification of its data.
Unlike centralized databases, which concentrate control in one place, a blockchain is collectively managed by the participants in a peer-to-peer network. Each participant keeps a current copy of the whole blockchain at its own location, or ‘node’. Participants adhere to a protocol for validating new blocks which automatically prevents participants from colluding to rewrite the transaction history.
Because blocks have self-certifying identifiers, all blockchain participants benefit by avoiding expensive and time-consuming audits, data verification and reconciliation.
In addition to blockchain technology, the GM-X Blockchain Server also incorporates strong encryption to automatically open or close ‘data valves’ at each node which keep data in the blockchain confidential.
What are data valves?
Before a participant publishes an item of data to the blockchain, the GM-X Blockchain Server automatically encrypts the data using a randomly generated password. That password, in turn, is automatically encrypted using the public keys of all other parties who have the publisher’s permission to read the data.
In this way, the data item is visible only to participants who are able to decrypt the password automatically using their own private key, and then decrypt the data automatically using the password. Even though all the other participants have copies of the encrypted data, and can verify that it is genuine, they cannot decrypt or see it—either automatically or manually.
This mechanism allows each participant in the blockchain to maintain complete control over the data items it publishes to the other participants, without imposing any costly administrative overhead.
GM-X for Blockchain is far more secure than collaborating with centralized systems
The security vulnerabilities of centralized systems—whether hosted in a traditional data center or by a cloud provider—arise from the concentration of control in one place:
- A cyber-criminal who is able to hack into a centralized system can steal all the unencrypted data it contains.
- Laws of many countries allow authorities to obtain copies of your data from cloud providers or data center operators without notifying you.
- Even if your data is encrypted, system administrators or ‘super users’ can decrypt, view and distribute it without your permission.
- A cyber-criminal who is able to hack into a centralized system, and compromise its encryption keys, can steal and decrypt all your data.
GM-X for Blockchain neutralizes these threats by allowing you to run your GM-X ERP application behind your internal firewall. External parties and cyber-criminals can never access it directly.
Meanwhile, GM-X for Blockchain allows you to fully and securely collaborate with external parties via blockchains, using data valves to maintain complete confidentiality and control over your data.
GM-X Blockchain Server Components
GM-X for Blockchain includes a Blockchain Server which runs on either Microsoft® Windows® or Linux®/UNIX operating systems. It is installed at each participant node and can be clustered for load balancing and high availability.
The GM-X Blockchain Server provides Federated Blockchain Manager and Data Valve services for the node where it is installed.
Federated Blockchain Manager
Collectively, the Blockchain Servers in the network are responsible for:
- Restricting blockchain access to permitted users only, using cryptographic signatures;
- Allowing access to multiple blockchains from a single server node, with permission;
- Conferring privileges within the network, including each participant’s validation rights and rights to administer the privileges of other users, in addition to the rights to send (write) and/or receive (read) transactions;
- Enforcing the voting protocol for reaching consensus among the blockchain’s administrators on any change to a participant’s rights;
- Accepting new transactions from permitted participants, organizing them into new blocks and sending them to all the other participants (propagation);
- Receiving new blocks arriving from the other participants;
- Validating new blocks by proving a permitted participant’s cryptographic block signature;
- Enforcing a diversity policy which requires permitted participants to wait for their turns in the rotation when validating blocks. This mechanism prevents a participant from validating any more blocks until a minimum number of consecutive blocks has been validated by the other permitted participants; and
- Verifying validated blocks.
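The diversity policy in the list above can be checked over the sequence of validators recorded in a chain. The following is an added example, not GM-X code; the function name `FirstViolation`, the `minGap` parameter and the node names are assumptions made for illustration.

```go
package main

import "fmt"

// FirstViolation audits a sequence of block validators against the diversity policy:
// a validator may validate again only after at least minGap consecutive blocks have
// been validated by others. It returns the index of the first offending block, or -1.
func FirstViolation(validators []string, permitted map[string]bool, minGap int) int {
	lastSeen := map[string]int{} // validator -> index of the last block it validated
	for i, v := range validators {
		if !permitted[v] {
			return i // block validated by a participant without validation rights
		}
		if prev, ok := lastSeen[v]; ok && i-prev-1 < minGap {
			return i // fewer than minGap blocks by others since v's previous block
		}
		lastSeen[v] = i
	}
	return -1
}

func main() {
	permitted := map[string]bool{"A": true, "B": true, "C": true} // constructed nodes
	fmt.Println(FirstViolation([]string{"A", "B", "C", "A", "B"}, permitted, 2))
	fmt.Println(FirstViolation([]string{"A", "B", "A", "C"}, permitted, 2))
}
```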
Each blockchain server is also responsible for protecting the visibility and confidentiality of data in the blockchain. At each participant node, the data valve service:
- Generates an RSA key pair, and publishes the public key to the other participants;
- Receives transaction data from the GM-X Application Server running at the sender’s node;
- Generates a random 48-digit base 64 password for each transaction at the sender’s node, and then encrypts the transaction data with the Advanced Encryption Standard (AES) algorithm using this password before propagating the transaction to the other participants;
- Maintains a password directory for transactions at the sender’s node;
- Encrypts the password once for each public key published by the other participants who are authorized to see the data, using the RSA algorithm, and publishes each encrypted password to the respective participants along with a link to the transaction it protects;
- Decrypts the password at each authorized participant’s node, using that participant’s private key;
- Decrypts the transaction data at each authorized participant’s node, if the password decryption was successful; and
- Passes the decrypted transaction data to the GM-X ERP system running at each recipient’s node, if the password decryption was successful; otherwise the transaction is ignored.
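The data valve steps listed above, and the mechanism described under "What are data valves?", as an added example that is not GM-X code. The page names only AES, RSA and a 48-digit base 64 password; the GCM mode, OAEP padding, SHA-256 key derivation, 2048-bit key size and all function names here are assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
)

func NewKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // per-node key pair
func gcmFor(password []byte) cipher.AEAD { // assumed: AES-256 key = SHA-256(password)
	key := sha256.Sum256(password)
	block, _ := aes.NewCipher(key[:]) // cannot fail: the key is always 32 bytes
	gcm, _ := cipher.NewGCM(block)    // cannot fail for an AES block cipher
	return gcm
}

// Seal encrypts data under a fresh 48-character base64 password (sender's node).
func Seal(data []byte) (sealed, password []byte, err error) {
	raw := make([]byte, 36+12) // 36 bytes -> 48 base64 characters, 12 bytes -> GCM nonce
	if _, err = rand.Read(raw); err != nil {
		return nil, nil, err
	}
	password = []byte(base64.StdEncoding.EncodeToString(raw[:36]))
	return gcmFor(password).Seal(raw[36:], raw[36:], data, nil), password, nil
}

// Wrap encrypts the password for one authorized reader's published public key.
func Wrap(password []byte, pub *rsa.PublicKey) ([]byte, error) {
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, password, nil)
}

// Open is the receiving valve: unwrap the password with the private key, then decrypt.
func Open(sealed, wrapped []byte, priv *rsa.PrivateKey) ([]byte, error) {
	password, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil || len(sealed) < 12 {
		return nil, rsa.ErrDecryption // not addressed to this node, or malformed: ignore
	}
	return gcmFor(password).Open(nil, sealed[:12], sealed[12:], nil)
}

func main() { // constructed sample: one authorized reader and one order line
	key, _ := NewKey()
	sealed, password, _ := Seal([]byte("PO-1001"))
	wrapped, _ := Wrap(password, &key.PublicKey)
	plain, err := Open(sealed, wrapped, key)
	println(string(plain), err == nil)
}
```

A node holding the sealed transaction but no password wrapped to its own key gets an error from `Open`, which corresponds to the "otherwise the transaction is ignored" case in the last step.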