Architecture of Insaanity Nodes-TPRE

Insaanity provides a decentralized and scalable infrastructure for secure data sharing and access control. It enables data owners to maintain control over their encrypted data while allowing selective and privacy-preserving access to authorized users. The nodes that provide this service are called Insaanity-Proxy nodes.

These nodes play a crucial role in providing access control and data privacyand are responsible for performing the re-encryption operations and managing access policies on behalf of data owners. They act as intermediaries between the data owners and data consumers.

The architecture of Proxy Re-encryption involves the following components:

  1. Data Owner:

    • Data owners are entities that possess the data and want to securely share it while maintaining control over access.

    • Data is encrypted and stored securely in distributed storage.

  2. Proxy Nodes:

    • Proxy nodes form the backbone of the Insaanity-TPRE network. They handle re-encryption operations and enforce access policies on behalf of data owners.

    • Each proxy node is operated by an independent operator and has a unique cryptographic key pair.

    • The proxy nodes communicate with others to maintain consistency and handle access control operations.

  3. TPRE API:

    • Proxy nodes expose API’s that data consumers can interact with to request access to encrypted data.

    • The API allows data consumers to submit access requests, provide necessary credentials, and receive re-encrypted data for decryption.

  4. Access Control:

    • When a data consumer wants to access encrypted data, they submit an access request to the proxy nodes through the TPRE API.

    • The proxy nodes validate the access request against the access policies defined by the data owner.

    • If the access request is valid, the proxy nodes perform re-encryption on the encrypted data to make it accessible to Bob.

  5. Cryptographic Operations:

    • Proxy Re-encryption is a cryptographic operation performed by the proxy nodes.

    • The proxy nodes transform the encrypted data from the data owner into a new encrypted form that can be decrypted by the authorized data consumer.

    • Re-encryption is done without revealing the underlying data to the nodes or requiring access to the data owner's private key.

Last updated