Technical Architecture

DEVITA’s platform infrastructure is optimized for data security and data democratization. This means that even whilst using certain centralized technological functionalities, there were no compromises made to user sovereignty in their personal data. DEVITA’s technology stack makes use of and leverages the most cutting-edge technologies, including but not limited to the following.

IPFS

IPFS is a distributed system for storing and accessing files, websites, applications, and data. The DEVITA team chose IPFS because it uses a distributed system for storing and accessing files, websites, applications, and data. IPFS distributed content is accessible through peers located anywhere in the world, and data could be stored much more safely (Benet 2014).

IPFS is a protocol made for fully decentralized, peer-to-peer data sharing and storage. Every piece of content that uses the IPFS protocol has a content identifier or CID that is its hash. The hash is unique to the content that it came from.

Polygon

Polygon combines the best of Ethereum and sovereign blockchains into a full-fledged multi-chain system. Polygon solves pain points associated with Blockchains, like high gas fees and slow speeds, without sacrificing security making it a much more valid solution for applications wanting to take advantage of the Ethereum blockchain’s ecosystem (Kanani 2018).

SHA256 with RSA signature

SHA256 with RSA signature is an efficient asymmetric encryption method used in many secure APIs. This algorithm first calculates a unique hash of the input data using the SHA256 algorithm. The hash is then encrypted with a private key using the RSA algorithm (Nakov 2018).

xDai cross-chain bridges

The xDai chain uses the ERC20 to Native TokenBridge functionality to provide fast, inexpensive, and stable transactions. This bridge allows users to transform DAI (an ERC20 stable token) on the mainnet into xDAI on a compatible chain. xDAI tokens can then be sent quickly and with minimal cost on the xDAI network. The xDAI chain has been a breakout success in the Ethereum community, providing an easy way for vendors to accept a stable cryptocurrency (Gross 2019).

Golang APIs and Workers

The Golang API is mainly used for non-consensus critical data that is used by the dApp such as lists of countries, regions, and city codes. Data that is non-consensus will not be stored in the blockchain, rather it will be stored inside a PostgreSQL Database instance. Golang worker is a service built intentionally to listen and confirm payments from the Ethereum Network - more specifically the Escrow smart contract. After receiving confirmed payment notification, the payment confirmation is then published through the Substrate pallets.

Web3.js

Web3.js is a popular library that allows programmers to interact with the Ethereum blockchain. It represents a JavaScript language binding for Ethereum’s JSON RPC interface, which makes it directly usable in web technology, as JavaScript is natively supported in almost all web browsers. Web3.js can be used to connect to the Ethereum network via any Ethereum node that allows access via HTTP. This may be a local node, a node hosted by the DApp provider, or public gateways such as Infura, which operate free Ethereum access points (Beyer 2019).

Swarm Network

Swarm Network provides open technology to enable the creation and management of digital assets. Swarm Network’s SRC20 protocol is open, permissionless, a standard allowing anyone to build on top and fully empowering the user with the ability to create regulatory compliant digital assets (Trón 2020).

Redundancy makes the system resilient to connectivity issues, node churn, or targeted DDoS attacks and enables a zero-downtime service. Users remain sovereign owners of their personal data in alignment with fair data principles. Shifting the cost of access, hosting, and execution to users removes the last obstacle to truly agile and adaptive application development.

The DISC (Distributed Immutable Store of Chunks)

The DISC is the underlying storage model of Swarm. It consists of nodes that collaborate in storing and serving data in such a way that, while individual nodes are assumed to pursue strategies that maximize their operator’s profit, the behavior of the network as a whole attains the following emergent properties:

• Privacy-preserving and permission-less upload and download

• Robust defenses against blocking or changing access to content once published

• Auto-scaling with increased demand

• Integrity protected content

• Eventually forgetting content that is no longer relevant to preserve

OpenSSL

Open SSL is an all-around cryptography library that offers open-source applications of the TLS (Transport Layer Security) protocol. First released in 1998, it is available for Linux, Windows, macOS, and BSD systems. OpenSSL allows users to perform various SSL-related tasks, including CSR (Certificate Signing Request) and private keys generation and SSL certificate installation (Ristić 2013).

Wallet Connect

WalletConnect is an open-source protocol for connecting decentralized applications to mobile wallets with QR code scanning or deep linking. A user can interact securely with any Dapp from their mobile phone, making WalletConnect wallets a safer choice compared to desktop or browser extension wallets (Gomes 2018)

EVM-based smart contracts

• ERC20

  • An ERC20 token is a standard used for creating and issuing smart contracts on the Ethereum blockchain. The ERC20 standard was implemented in 2015 (Buterin 2015).

• ERC1155

  • ​​ERC-1155 is a standard interface for contracts that manage multiple token types. A single deployed contract may include any combination of fungible tokens, non-fungible tokens or other configurations e.g. semi-fungible tokens (Cooke 2018).

Technology layers

• Application: This layer consists of multiple applications that interact with the end user. This consists of users who are using the platform for the medical services, the medical professionals these users interact with and conglomerates which would be interesting in the research data available in the marketplace.

• Application Programming Layer: This layer handles the secure storage and sharing of the medical data accessible by the platform. It handles the authentication and authorization of the data as well ensuring the data is tamperproof.

• Blockchain layer: DeVita leverages main-net Ethereum and its Layer-2 solutions for settlements and user authentication. The storage system uses IPFS and its peripheral services to create a smooth and seamless experience for the users to upload and share their data in a secure manner.

Encryption

The data uploaded, stored and transmitted are always encrypted. The only place the unencrypted data resides is on the device of the user itself, for offline use.

Data in Motion: Due to the platform consisting of multiple independent subsystems that have no direct access or dependency on each other, there are various instances where the data is in motion. These layers are always secured using SSL.

User medical data storage: When the user decides to upload the data from their device to the blockchain, this data is encrypted on the device itself and never leaves the device unencrypted. Once encrypted this data is uploaded to the blockchain, with the only decryption key available to the user. Since the user is the only one who needs to be able to access this data as a whole, we use AES Symmetric encryption.

Sharing of Data (Peer to Peer): There are various situations where the user may want to share their information, completely or partially with another user on the platform i.e. Medical professionals they are consulting. In this case the user would have to upload these files from their devices to be forwarded to the peer. These files are encrypted on the user’s device using an RSA encryption, using their private key and the peer’s public key for exchange key generation while using SHA-256 to ensure the data is tamper proof and verifiable.

Once encrypted, the data and the SHA-256 are forwarded to the peer. The peer can then decrypt the data using their private key and the sender’s public key. They can use the SHA-256 hash sent as part of the payload to verify the integrity of the files.