NxtAssets security architecture
A single-vendor, fully managed stack with encryption always on, a tamper-proof audit trail backed by database-engine features, and a government-cloud deployment path. The full architecture detail lives on the For security teams page; this page summarizes the highlights and links out to the canonical white paper.
Full document
The complete NxtAssets Security Whitepaper — platform stack, encryption detail, immutable-table specifics, access control, OCI security services, and compliance attestations — is available as a PDF on the Resources page. The shorter in-page summary below covers the architecture at a glance.
At a glance
- Platform. Oracle Cloud Infrastructure (OCI), Oracle Autonomous Database 23ai, Oracle APEX 24.2. OCI Government Cloud (FedRAMP High, DISA IL4/IL5) available on request.
- Encryption at rest. Transparent Data Encryption with AES-256, always on, cannot be disabled.
- Encryption in transit. TLS 1.2 or 1.3. Unencrypted connections rejected server-side.
- Tamper-proof records. Custody events, seal events, and workflow transitions stored in Oracle blockchain tables — insert-only at the database-engine level, with SHA2-512 cryptographic chaining.
- Access control. OCI IAM with SAML/OIDC federation and MFA; APEX role model with least-privilege defaults; unified auditing always on.
- Compliance. SOC 1/2/3, ISO 27001, FIPS 140-2, NIST 800-53. OCI GovCloud adds FedRAMP High and DISA IL4/IL5.