May 8, 2018 — The Multi-Trust Connector (MTC) is a technical solution for user data permission and authorisation, which is the most important regularisation related module in our data service network. The MTC records every user’s data permission and writes the metadata (Merkle tree root node) on the blockchain, ensuring the transparency, tamper resistance as well as privacy protection.
For example, when user ‘C’ applies for a loan from a financial institute ‘B’, the institute would request personal data of the user from credit agency ‘D’ in order to assess and manage risks. Such data request (from ‘B’ to ‘D’) needs permission from ‘C’ beforehand, in order to gain access to the data. The traditional way of doing this is for ‘B’ to acquire authorisation and keep the record themselves, usually relies on (paper) documents. Hence ‘D’ is not able to verify it in real-time and can’t be ensured of the record authenticity. MTC provides authorised technical solutions for user ‘C’, financial institution ‘B’ and credit agency ‘D’, saving the authentication and authorisation data on the blockchain. All the user’s data authorisation behaviour is written on the blockchain through smart contracts . To ensure that the authorisation is open and irrevocable.
We’ve collaborated closely with MTC’s pilot clients on the product design and development. There are two modules of MTC:
1. the permission management SaaS tool; and
2. authorization service API infrastructure.
The development of the first version of the above two are finished.
In this month, we will release the beta version of MTC, and integrate the product with our pilot clients. We will also open the source code of MTC, test the product with our industry partners, and develop smart contracts for MTC.
Mutual Information Technology Framework
- The authorisation Software Devlopment Kit (SDK) provides the authorisation interface and the application. With the app, the user sends an authorisation to the authorised server (SVR). Through the SDK authorisation interface, the user will on their turn receive the authorisation key.
- When the application extracts a user’s data to the data source/service SVR, it needs to comply with the authorisation key at the same time.
- The data source/service SVR verifies the authorisation key by requesting an authorised SVR → permission granted.
- The authorising SVR also saves the user’s authorisation request by making use of a smart contract that saves it on the blockchain.