Security

Audit Trail

The Terranoha platform is built on a set of microservices. Among them are:

  • Smart Gateway to authenticate users
  • Bot Service to coordinate the bot workflow
  • Intent Service to clarify user’s intents
  • NLU Service to process natural language

Each received request and performed action is audited and recorded.

The audit report can be downloaded on demand from Emmie (the Terranoha bot) or via the REST API, depending on the permissions granted to the user.

Below are a few examples of audit records.

User starts a conversation:

{
  "ctoken": "42d30d29-79ce-42b6-aef0-74988a054a7e",
  "channel": "MSTEAMS",
  "client": "ACME"
}

In this request, the user is identified by the ctoken field, which is the id of the user's messaging system account. This ctoken is linked to a user account.

User receives a link to securely authenticate:

{
  "ctoken": "42d30d29-79ce-42b6-aef0-74988a054a7e",
  "channel": "MSTEAMS",
  "client": "ACME",
  "callback": "https:\/\/service.terranoha.net\/tna\/service\/auth-status",
  "ttl": 1621260188716
}

The stream-id is linked to a timestamp and some other metadata fields. The Emmie bot creates the report, joins the dependencies needed for a full view of the audit trail details, and provides a readable format.

User requests a quote to bot-service:

{
  "data": {
    "message": "mkt eurusd 100k",
    "id": "620633749000",
    "channel": "MSTEAMS",
    "stream-id": "a:1LAcxPeLEaF5yWwQUhM2_T8UMHMqYm-sjOxbg8WMG0AXV3bfgcPlFoej3qC2j0MO6IYC4LdSlDWtG9Yp2qWQ8bFP6t0TJp3DJjn_WcHbQAd0r3MUMU-D94rnhemsA7LLo"
  },
  "action": "message.crack",
  "auth": {
    "channel": "MSTEAMS",
    "ctoken": "42d30d29-79ce-42b6-aef0-74988a054a7e",
    "client": "ACME"
  }
}

Message is interpreted by intent-assistant:

{
  "data": {
    "context": {
      "ccy1": "EUR",
      "ccy2": "USD",
      "qty": "100000.0"
    },
    "id": "620633749000",
    "language": "en",
    "intermediate": "false",
    "stream-id": "a:1LAcxPeLEaF5yWwQUhM2_T8UMHMqYm-sjOxbg8WMG0AXV3bfgcPlFoej3qC2j0MO6IYC4LdSlDWtG9Yp2qWQ8bFP6t0TJp3DJjn_WcHbQAd0r3MUMU-D94rnhemsA7LLo",
    "context-type": "forex",
    "intent": "request",
    "scope": "quote"
  },
  "action": "message.crack.result"
}

User makes an order request to bot-service:

{
  "data": {
    "message": "buy 1m eurusd 1W 360t",
    "id": "620633749013",
    "channel": "MSTEAMS",
    "stream-id": "a:1LAcxPeLEaF5yWwQUhM2_T8UMHMqYm-sjOxbg8WMG0AXV3bfgcPlFoej3qC2j0MO6IYC4LdSlDWtG9Yp2qWQ8bFP6t0TJp3DJjn_WcHbQAd0r3MUMU-D94rnhemsA7LLo"
  },
  "action": "message.crack",
  "auth": {
    "channel": "MSTEAMS",
    "ctoken": "42d30d29-79ce-42b6-aef0-74988a054a7e",
    "client": "ACME"
  }
}

Message is interpreted by intent-assistant:

{
  "data": {
    "context": {
      "side": "buy",
      "ccy1": "EUR",
      "ccy2": "USD",
      "qty": "1000000.0",
      "counterparty": "360t",
      "set-type": "1W"
    },
    "id": "620633749013",
    "language": "en",
    "intermediate": "false",
    "stream-id": "a:1LAcxPeLEaF5yWwQUhM2_T8UMHMqYm-sjOxbg8WMG0AXV3bfgcPlFoej3qC2j0MO6IYC4LdSlDWtG9Yp2qWQ8bFP6t0TJp3DJjn_WcHbQAd0r3MUMU-D94rnhemsA7LLo",
    "context-type": "forex",
    "intent": "request",
    "scope": "order"
  },
  "action": "message.crack.result"
}

User confirms the order request:

{
  "data": {
    "message": "c",
    "id": "620633749014",
    "channel": "MSTEAMS",
    "stream-id": "a:1LAcxPeLEaF5yWwQUhM2_T8UMHMqYm-sjOxbg8WMG0AXV3bfgcPlFoej3qC2j0MO6IYC4LdSlDWtG9Yp2qWQ8bFP6t0TJp3DJjn_WcHbQAd0r3MUMU-D94rnhemsA7LLo"
  },
  "action": "message.crack",
  "auth": {
    "channel": "MSTEAMS",
    "ctoken": "42d30d29-79ce-42b6-aef0-74988a054a7e",
    "client": "ACME"
  }
}

Message is interpreted by intent-assistant:

{
  "data": {
    "context": {
      "side": "buy",
      "ccy1": "EUR",
      "ccy2": "USD",
      "qty": "1000000.0",
      "counterparty": "360t",
      "set-type": "1W"
    },
    "id": "620633749014",
    "language": "en",
    "intermediate": "false",
    "stream-id": "a:1LAcxPeLEaF5yWwQUhM2_T8UMHMqYm-sjOxbg8WMG0AXV3bfgcPlFoej3qC2j0MO6IYC4LdSlDWtG9Yp2qWQ8bFP6t0TJp3DJjn_WcHbQAd0r3MUMU-D94rnhemsA7LLo",
    "context-type": "forex",
    "intent": "request.confirm",
    "scope": "order"
  },
  "action": "message.crack.result"
}

360t accepts the order:

{
  "data": {
    "symbol": "EUR/USD",
    "id": "620633742668",
    "type": "market",
    "status": "accept",
    "price-near": 0.0,
    "price-far": 0.0,
    "qty-min": 0.0,
    "qty-near-last": 0.0,
    "qty-far-last": 0.0,
    "qty-near-residual": 1000000.0,
    "qty-far-residual": 0.0,
    "price-spot": 0.0,
    "settl-date-near": "2021-05-13",
    "fwd-points-near": 0.0,
    "fwd-points-far": 0.0,
    "price-near-last": 0.0,
    "price-far-last": 0.0,
    "price-near-average": 0.0,
    "price-far-average": 0.0,
    "time-in-force": "ioc",
    "counterparty-order-id": "308500007",
    "counterparty-exec-id": "nm6lro",
    "status-last": "accept",
    "qty-near": 1000000.0,
    "qty-far": 0.0,
    "cause-id": "620633742668",
    "side": "buy",
    "counterparty": "360t"
  },
  "action": "order.fx.request.result"
}

Order is filled:

{
  "data": {
    "symbol": "EUR/USD",
    "id": "620633742668",
    "type": "market",
    "status": "fill",
    "price-near": 0.0,
    "price-far": 0.0,
    "qty-min": 0.0,
    "qty-near-last": 1000000.0,
    "qty-far-last": 0.0,
    "qty-near-residual": 0.0,
    "qty-far-residual": 0.0,
    "price-spot": 0.0,
    "settl-date-near": "2021-05-13",
    "fwd-points-near": 0.0,
    "fwd-points-far": 0.0,
    "price-near-last": 1.21469,
    "price-far-last": 0.0,
    "price-near-average": 1.21469,
    "price-far-average": 0.0,
    "time-in-force": "ioc",
    "counterparty-order-id": "308500007",
    "counterparty-exec-id": "903448414.2",
    "status-last": "fill",
    "qty-near": 1000000.0,
    "qty-far": 0.0,
    "cause-id": "620633742668",
    "side": "buy",
    "counterparty": "360t"
  },
  "action": "order.fx.request.result"
}

{
  "data": {
    "id": "620633742668"
  },
  "action": "request.completion.ack"
}
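The records above can be correlated using only the fields they show. The following Python is an added example, not Terranoha's code: it pairs each message.crack with its message.crack.result by data.id, groups the pairs by stream-id, flags records that do not pair up, and summarises status per order id. The input is constructed from the records on this page (stream-id replaced by the placeholder stream-A, plus one constructed orphan result); the function names and the reading of qty-near-residual as the unfilled quantity are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample: trimmed copies of the page's records, with the stream-id
# replaced by "stream-A" and one constructed orphan result (id 999) appended.
SAMPLE = """
{"action":"message.crack","data":{"id":"620633749013","stream-id":"stream-A","message":"buy 1m eurusd 1W 360t"},"auth":{"ctoken":"42d30d29-79ce-42b6-aef0-74988a054a7e","client":"ACME","channel":"MSTEAMS"}}
{"action":"message.crack.result","data":{"id":"620633749013","stream-id":"stream-A","intent":"request","scope":"order"}}
{"action":"message.crack","data":{"id":"620633749014","stream-id":"stream-A","message":"c"},"auth":{"ctoken":"42d30d29-79ce-42b6-aef0-74988a054a7e","client":"ACME","channel":"MSTEAMS"}}
{"action":"message.crack.result","data":{"id":"620633749014","stream-id":"stream-A","intent":"request.confirm","scope":"order"}}
{"action":"order.fx.request.result","data":{"id":"620633742668","status":"accept","qty-near":1000000.0,"qty-near-residual":1000000.0}}
{"action":"order.fx.request.result","data":{"id":"620633742668","status":"fill","qty-near":1000000.0,"qty-near-residual":0.0}}
{"action":"request.completion.ack","data":{"id":"620633742668"}}
{"action":"message.crack.result","data":{"id":"999","stream-id":"stream-A","intent":"request","scope":"order"}}
"""

def load(text):
    return [json.loads(line) for line in text.strip().splitlines()]

def conversation_view(records):
    """Join each message.crack with its result by data.id, grouped by stream-id."""
    pending, findings, view = {}, [], defaultdict(list)
    for rec in records:
        data, action = rec["data"], rec["action"]
        if action == "message.crack":
            if not rec.get("auth", {}).get("ctoken"):
                findings.append(f"request {data['id']} has no ctoken")
            pending[data["id"]] = rec
        elif action == "message.crack.result":
            req = pending.pop(data["id"], None)
            if req is None:
                findings.append(f"result {data['id']} has no matching request")
                continue
            view[data["stream-id"]].append((req.get("auth", {}).get("ctoken"),
                req["data"]["message"], data["intent"], data["scope"]))
    findings += [f"request {i} has no result" for i in pending]
    return dict(view), findings

def order_view(records):
    """Status history, last residual quantity and completion ack per order id."""
    orders = defaultdict(lambda: {"statuses": [], "residual": None, "acked": False})
    for rec in records:
        data = rec["data"]
        if rec["action"] == "order.fx.request.result":
            orders[data["id"]]["statuses"].append(data["status"])
            orders[data["id"]]["residual"] = data["qty-near-residual"]
        elif rec["action"] == "request.completion.ack" and data["id"] in orders:
            orders[data["id"]]["acked"] = True
    return dict(orders)
```
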

Compliance FAQ

What Is Your Information Security Program To Safeguard Data & Systems Against Cyber Threats?

All sensitive data is secured by firewalls using strict rules and is stored on isolated networks.

All devices are protected by access-lists and filters to prevent unauthorised access.

What Are Your Backup Policies & Procedures, Including RTO & RPO Commitments?

  • The database is replicated continuously in real time.
  • Technical logs are backed up every day.
  • The failover takes over and wakes the sleeping server.
  • Our service uses a fallback principle, checking for the first IP that responds.
  • Restore time is 15 min.

How Do You Ensure Data Security When Individuals Are Executing Transactions Or Viewing Sensitive Data Remotely Via A Mobile Device?

The Terranoha service has an independent (secondary) authentication procedure that enforces all access rights within application calls, separately from the third-party software used to reach the service.

Do You Provide A 2FA (Two-Factors Authentication) Method?

Yes, we can implement 2FA, using the methods provided by your access authorisation provider.

Can This Be Automatically Enforced Based On The Users’ Profile And Authorization Level?

Yes, it can be enforced if the security provider's rules are applied to the customer profile.

Are Access Logs Maintained By User Identification And What Is Contained On Them?

Yes, they are; the access logs contain the following information: date/time, personalization, source.

Is Data-In-Transit Encrypted?

All data in transit is encrypted over TLS (v1.2 minimum) with a 2048-bit RSA key.

What Is Your Security Policy To Ensure Proper Policies And Procedures Are In Place To Protect Data?

We do not store sensitive data about clients, only key references.

Any other kind of information is kept in secure, password-protected storage behind a firewall and is accessible only by authorized persons.

How Your System Supports Role-Based Access Controls To Ensure People Have The Appropriate Access To Data Based On Primary Organizational Roles?

We have an access-rights matrix that is applied by role but can be customized by attributes. Our model is based on the role-centric RBAC-A security model.

How Are Audit Reports & Logs Stored?

Logs are stored on disk (raw or via DB) for 10 years but archived every 48h.

How Do You Secure Those Logs To Prevent Data Tampering & Data Destruction?

Audit report and log storage is distributed across multiple types, such as database and log files. The database storage is protected by IP security and, on top of that, only authorized persons can access it. The log files are archived automatically on a daily basis and stored in a secured place protected by authorized-access security.
