Skip to main content

System Overview

Introduction

Universal Financial Gateway (UFG) operates as a blind intermediary - a secure routing layer that enables financial institutions (Securities Companies and Custody Banks) to exchange encrypted messages without UFG being able to decrypt the payloads.

This architecture ensures that sensitive financial data remains confidential between the sender and the receiver, while UFG provides the necessary infrastructure for reliable message delivery, logging, and audit trails.

High-Level Architecture

Core Components

1. Broker (Member)

  • Initiates transactions (e.g., Query Balance, Hold Funds).
  • Responsibilities:
    • Encrypts payload using Custody Bank's Public Key.
    • Signs the message using their own Private Key.
    • Handles responses from UFG.

2. UFG Gateway (Intermediary)

  • Acts as the central hub for message routing.
  • Responsibilities:
    • Signature Verification: Ensures messages are authentic and untampered.
    • Blind Routing: Forwards encrypted payloads without decryption.
    • Audit Logging: Records metadata (timestamp, message ID, sender/receiver) for compliance.
    • Idempotency: Prevents duplicate processing of requests.

3. Custody Bank (Receiver)

  • Processes financial requests and manages accounts.
  • Responsibilities:
    • Decrypts payloads using their Private Key.
    • Validates business logic (e.g., checks balance).
    • Encrypts responses using Broker's Public Key.
    • Signs responses with their Private Key.

Workflow Summary

  1. Broker encrypts a transaction payload using the Custody Bank's public key.
  2. Broker signs the entire message (header + encrypted payload) with their private key.
  3. UFG Gateway verifies the signature to ensure message integrity and authenticity.
  4. UFG routes the encrypted payload to the Custody Bank's webhook (without decrypting).
  5. Custody Bank decrypts the payload using their private key, processes it, and encrypts the response.
  6. UFG routes back the encrypted response to the Broker.

Key Benefits

  • Privacy: UFG cannot see the content of the financial transactions (amounts, account numbers).
  • Security: End-to-end encryption and digital signatures ensure data integrity and non-repudiation.
  • Reliability: Centralized logging and monitoring provide visibility into system health.
  • Standardization: Uses ISO 20022 standards for interoperability.