R3 is set Tuesday to release a new version of its open-source distributed ledger software with the added feature of a built-in application firewall.
The technology behind Corda Enterprise took three years of design work and thousands of hours of coding by R3, banks, insurers, asset managers and technology professionals, the company said.
Mariana Gomez de la Villa, manager of the global distributed ledger technology program at ING, an R3 consortium member, said the new firewall hopefully will help win approval of the bank's compliance department for Corda applications.
“Some of the main features in Corda Enterprise include privacy and confidentiality and now we can embed these features to the solutions that we are developing ourselves, such as Marco Polo [for trade finance],
Corda is already a permissioned blockchain, so theoretically no one could access it without being given a private key.
But according to Richard Gendal Brown, chief technology officer of R3, the new layer of security is a way for blockchain applications to live behind a bank’s firewall, alongside sensitive internal applications, but to let them still interact with counterparties at other banks.
“You need to think about a bank’s corporate network,” he said. “The systems they care about — and which they want to be in sync with their counterparties — live deep inside their networks, safely protected far away from attackers and adversaries on the internet.
“Yet a key reason for deploying blockchain in the enterprise space is to enable firms to transact with each other across public networks such as the internet. So large organizations with these complex network topologies face a dilemma: how do they simultaneously deploy their blockchain node close to their most cherished applications while also allowing their blockchain node to communicate with their counterparts, without compromising the design of the network their security experts worked so hard to put in place?”
Brown said the Corda blockchain application firewall lets a Corda application be integrated with internal applications, while a small, “hardened” part of the node is allowed to “float” into the exterior “demilitarized” portion of the corporate network, to act as the point at which all incoming and outgoing traffic is inspected and blocked if necessary.
“This firewall only allows data from permissioned parties on the network through to the node itself,” Brown said.
Applications developed by partners such as Finastra, Gemalto, Guardtime, GuildOne, TradeIX and Tradewind Markets are now live on both Corda Enterprise and Corda.