Technical Overview

Geora is a blockchain-based platform for securing, tracking, and financing agricultural supply chains. Geora provides digital infrastructure and tools that allow users along agricultural supply chains to build trade and finance solutions using the Workspace, Showcase, Network, and Developer capabilities of the platform. This document contains an overview of the technical design and implementation of Geora, including a breakdown of its components and the technologies used.

TLDR

How does Geora work?

Why does Geora use blockchain?

Can I use my existing data platforms with Geora?

How is my data secured when I use Geora?

Core Technology

Geora is a hybrid blockchain system. The system is composed of three layers:

In this section, we will elaborate on each of these layers, and the components within.

Network layer

The protocol layer is the source-of-truth for data in Geora. A private, distributed network of Ethereum nodes contains asset, certificate, and broader supply-chain data. Core logic is encoded into smart contracts on the network, which govern asset ownership, permissions, and verifiable digital certifications. All participants of the network are able to verify that the logic is correctly executed.

Data stored in the protocol layer is immutable and versioned, meaning each update to the system adds another layer to its history. This history cannot be rewritten, providing an auditable record of changes to any data in the protocol, as well as an execution record for all trade and finance events. The histories of these workflows can be accessed and analysed by tools in the application and business logic layers.

Asset data is not added in isolation: each record can be linked to other assets, smart contracts, and sustainability tokens, to build a complete picture of a supply chain. All claims and certificates which back sustainability data are fully auditable.

Geora has developed infrastructure to scale and manage the private network, reducing the complexity of interacting with a blockchain for both users and developers; the Geora API is blockchain-agnostic, without compromising on immutability and data security.

This layer also stores encrypted certificates in IPFS, which are hashed and attached to assets in the Ethereum smart contracts - preventing any centralised point of failure for digital certificate storage.

Business logic layer

The business logic layer manages and deploys Ethereum smart contracts. Using these contracts and a customisable workflow engine it supports financial agreements and workflows tailored to customer requirements. These workflows can operate on assets, tokens, certificates, users, and digital currency to perform domain-specific actions.

At its core, Geora’s smart contracts represent agri-assets as semi-fungible tokens, which are continuously updated as they move through different stages of the supply chain.

The asset tokens are built by combining ubiquitous Ethereum token standards: ERC-20 (fungible tokens), ERC-721 (non-fungible tokens), and ERC-1633 (re-fungible tokens). They are therefore compatible with other DeFi, traceability, and blockchain protocols. Each asset can be further linked to tokens representing eco-credits, carbon or water offsets, and financial instruments.

Blockchains are typically difficult to use, even for experienced developers, due to their added complexities around security, performance, and distributed transaction management. The business logic layer also contains supporting infrastructure which simplifies customer use of the platform:

Implementation

The layer is made up of a number of components deployed across Amazon Web Services and DigitalOcean, and relies upon managed providers of databases (Amazon Relational Database Service), secret management (AWS Secrets Manager), and file storage (AWS S3). Components are developed in the TypeScript, Haskell, PureScript, and Java languages.

Core Technology

This layer provides customers of all technical abilities with access to the Geora platform. As part of the access layer, Geora provides a SaaS supply-chain traceability solution for non-technical users through a web app. The app is split into four complementary modules:

Platform Performance and Privacy

Blockchain protocol

Geora uses the Ethereum blockchain to power the network layer. This is a private, permissioned network containing nodes which execute and verify all transactions. These nodes are operated by both Geora and its customers, creating a consortium chain.

Ethereum provides a number of advantages over other networks:

The network is secured using the IBFT2 consensus protocol, which provides finality and fault tolerance. It prevents bad actors from adding incorrect data or breaking the rules of the system. With a current block time of two seconds and high gas limits, the network is capable of processing hundreds of transactions per second in parallel, and tens of thousands of updates.

The network is composed of multiple validator nodes, including those managed by customers. It supports nodes entering and leaving the network and tolerates node failures without compromising uptime, remaining highly available.

Privacy

Customer privacy and flexibility of data permissioning are built into Geora at all layers. Geora supports data privacy, making asset and workflow data available to only those with permission, as well as transactional privacy, which obscures a customer’s counterparties and the actions they take within financial contracts.

To achieve these goals, Geora uses a three-pronged privacy solution:

  1. Merkle trees and other hash technologies secure asset data at the protocol layer by compressing all data into one or more cryptographic hashes. The protocol can share this hash across all nodes without revealing any of the constituent data. Through Merkle proofs or providing plain text, workflows and contracts can check specific values in the data without revealing the entire asset.

  2. When customers upload certificates, the protocol encrypts the data using a unique data key per certificate and stores it on IPFS. Users can share and revoke access to these files using their own private keys via asymmetric encryption.

  3. Each user in the system can hide their identity using pseudo-anonymous on-demand identities. For each action they take, the user can generate a new identity using a hierarchical deterministic wallet that cannot be traced back to their public identity.
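
The selective disclosure described in item 1, as an added example in JavaScript (Node.js) that is not Geora's code: every asset field becomes a salted leaf, only the root is shared, and one field is later proven against that root. The field names, the sample asset, the per-field salt and the SHA-256 tree layout are assumptions of this example.

```javascript
const { createHash, randomBytes } = require("node:crypto");

const sha256 = (...parts) =>
  parts.reduce((h, p) => h.update(p), createHash("sha256")).digest();

// Domain separation: 0x00 prefixes leaves, 0x01 interior nodes, so an interior
// node can never be presented as a leaf. The per-field random salt (an
// assumption of this example) stops guessing of low-entropy values from a hash.
const leafHash = (key, value, salt) =>
  sha256(Buffer.from([0]), salt, JSON.stringify([key, value]));
const nodeHash = (left, right) => sha256(Buffer.from([1]), left, right);

// Commit to every field; only `root` has to be shared with other nodes.
function commitAsset(asset) {
  const fields = Object.entries(asset).map(([key, value]) =>
    ({ key, value, salt: randomBytes(16) }));
  const levels = [fields.map((f) => leafHash(f.key, f.value, f.salt))];
  while (levels[levels.length - 1].length > 1) {
    const prev = levels[levels.length - 1], next = [];
    for (let i = 0; i < prev.length; i += 2) // an odd node is promoted unchanged
      next.push(i + 1 < prev.length ? nodeHash(prev[i], prev[i + 1]) : prev[i]);
    levels.push(next);
  }
  return { fields, levels, root: levels[levels.length - 1][0] };
}

// Disclose one field: its value, its salt, and the sibling hashes up to the root.
function proveField(commitment, key) {
  let index = commitment.fields.findIndex((f) => f.key === key);
  if (index < 0) throw new Error(`unknown field: ${key}`);
  const { value, salt } = commitment.fields[index];
  const path = [];
  for (const level of commitment.levels.slice(0, -1)) {
    const sib = index ^ 1;
    if (sib < level.length) path.push({ hash: level[sib], left: sib < index });
    index >>= 1;
  }
  return { key, value, salt, path };
}

// The verifier holds only the root and sees only hashes of the other fields.
function verifyField(root, { key, value, salt, path }) {
  let h = leafHash(key, value, salt);
  for (const s of path) h = s.left ? nodeHash(s.hash, h) : nodeHash(h, s.hash);
  return h.equals(root);
}

// Constructed sample asset (not real data).
const SAMPLE_ASSET = { commodity: "wheat", grade: "APW1", weightKg: 25000,
  origin: "NSW", organicCertified: true };
```

A verifier that recomputes the root from a disclosed field and its path accepts the value only if the result equals the root already held on the network.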

Data Management and Backups

Data residency

The platform uses a handful of external services to enhance its functionality, each with its own data residency and privacy policies. Each of these services receives only the minimum data required to operate.

Backups

A hybrid blockchain solution lends itself well to data resiliency. The “core” data in the Geora platform is stored in our Ethereum network, which spans two continents and two clouds for maximum redundancy. The network can tolerate limited node failures and still accept new data. All network data is fully replicated across all nodes, and in the event of a wider outage the network will stop accepting new transactions, but maintain existing data in the append-only log.

Transaction data from Ethereum is mirrored into Apache Kafka and streamed into RDS by our proprietary event sourcing service. This means that core transactional data is replicated to at least three data stores: Ethereum, Kafka, and RDS. Any of these stores can be rebuilt with data from any other store.

Customer data that does not fit the blockchain, like account information, is also stored in RDS. A daily automated backup is taken of this data.

Data segregation

As a SaaS platform, Geora does not physically segregate data from different customers or accounts. However, our platform is designed with privacy in mind and enforces strict logical segregation at the database level. Services with different data requirements are given minimum permissions to function to minimise the risk of data leakage.

In particular, the GraphQL API which is available to all customers is strictly controlled. The API can only resolve customer data through a dedicated database role, which is restricted with row-level security. This separates account data at the database level, rather than the application level. Even in the event that an attacker can exploit the API to execute arbitrary database queries, these queries could only see the data which is permissioned to a single customer account.

All customer files which are stored outside of the database (in S3 and IPFS) are encrypted with a unique key per file. Revealing the key for a particular file does not allow access to any other files from the same or other customers.
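
The per-certificate data key from the Privacy section and the unique key per file described above follow the same envelope pattern, shown here as an added example in JavaScript (Node.js) that is not Geora's code. AES-256-GCM, RSA-OAEP and every function and recipient name are assumptions of this example; the page does not name the algorithms used.

```javascript
const { constants, createCipheriv, createDecipheriv, generateKeyPairSync,
  privateDecrypt, publicEncrypt, randomBytes } = require("node:crypto");

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Stand-in for a user's own key pair (hypothetical helper for this example).
const newRecipient = () => generateKeyPairSync("rsa", { modulusLength: 2048 });

// Encrypt a file under a fresh AES-256-GCM data key, then wrap that key with
// each recipient's public key. Only ciphertext and wrapped keys are stored.
function sealFile(plaintext, recipients) {
  const dataKey = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", dataKey, iv);
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  const sealed = { iv, ciphertext, tag: cipher.getAuthTag(), wrapped: new Map() };
  for (const [name, publicKey] of Object.entries(recipients))
    sealed.wrapped.set(name, publicEncrypt({ key: publicKey, ...OAEP }, dataKey));
  return sealed;
}

// Recover this file's data key with the recipient's own private key.
function unwrapKey(sealed, name, privateKey) {
  const wrappedKey = sealed.wrapped.get(name);
  if (!wrappedKey) throw new Error(`no key grant for ${name}`);
  return privateDecrypt({ key: privateKey, ...OAEP }, wrappedKey);
}

// GCM authentication fails (throws) when the key is not this file's key.
function decryptWith(sealed, dataKey) {
  const decipher = createDecipheriv("aes-256-gcm", dataKey, sealed.iv);
  decipher.setAuthTag(sealed.tag);
  return Buffer.concat([decipher.update(sealed.ciphertext), decipher.final()]);
}

const openFile = (sealed, name, privateKey) =>
  decryptWith(sealed, unwrapKey(sealed, name, privateKey));

// Revoking removes the wrapped key from the stored record. A recipient who has
// already unwrapped the data key can keep it, so a strict revocation in this
// scheme also re-encrypts the file under a new data key.
const revoke = (sealed, name) => sealed.wrapped.delete(name);
```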

Security and Access Control

Platform access

The Geora UI and API are secured by industry-standard JWT authentication. Our identity provider, Auth0, is responsible for authenticating all user requests and returning a signed JWT that permits access to the API. Customer authentication information is stored by Auth0, and the Geora team has no access to customer passwords or password hashes.

Some parts of the Geora platform are able to be made public. For example, a customer can share a QR code that links to the history of a particular asset. By default, all data is private, and a customer must always explicitly grant permission to make it public. Through our lens feature, each public view of an asset history can contain some or all of the asset history, and can leave sensitive data hidden. Public view permissions are enforced at the database layer using row-level security, as with regular customer data.

Development practices and support

The Geora team follows best practices for secure development. Access to resources and deployment environments is access-controlled and scoped to individual developers, using AWS IAM authentication and a password manager. All code and development artifacts are subject to code review for security and correctness before deployment.

As part of the customer support process, the Geora team may access customer data when given direct permission. Access is restricted through admin accounts with limited team access, is time-limited to the support request, and is fully audited through our tracing infrastructure. Additionally, the nature of the blockchain means that unauthorized data changes are immutably recorded forever and cannot be hidden.

Integrations

To integrate customer systems with the platform, Geora provides three options:

As part of the integration process, the Geora team engages with the customer to understand their requirements and find the best integration option. If the customer chooses webhook or email integrations, there may be additional development work required by the Geora team.

Data sent via the API and webhook options is encrypted in transit with HTTPS.

The frequency of data refresh for each customer integration depends on requirements. The system supports anything from high-frequency refresh, receiving live updates as events occur in customer systems, down to daily or weekly bulk uploads.