When a Match Request is authorized in Senate, an Aggregator Node communicates with the Matcher Nodes to generate lists of token pairs that may match.
The Aggregator Node filters out false matches and provides a final match table to Senate, which loads a masked version of the token pair table into a Data Workspace for analysis.
- The Aggregator Node is operated by Data Republic in the same secure environment as the Senate platform hosting the data project. Therefore, Singapore based data projects use an Aggregator Node hosted in Singapore, and Australian projects will use a node hosted in Sydney, Australia.
- The Aggregator Node has the list of Matcher Nodes that exist in the network and their network addresses, in the form of domain names. The Aggregator Node connects to the Matcher Nodes using encrypted HTTPS plus a private certificate to prove that it is the authorized Aggregator Node for that region (known as twoway Security Sockets Layer, or Transport Layer Security).
- The Aggregator Node sends to the Matcher Nodes the relevant database account numbers (globally unique identifiers (GUID)), which are not encrypted but which are randomly generated and which, by way of example, might take the form, "2cacf2feffb1- 404c-8617-b7e5df12301b" for the two Contributor databases which are to be matched.
- The Matcher Nodes will then begin the process of comparing the matching “slices” and reply with a list of potential token matches (potential because the Matcher Nodes do not know which might be false positives). These tokens are encrypted, and the Matcher Nodes do not have the key. The Aggregator Node, which does have the encryption keys, can decrypt these token pairs and filter out any false positives, which it does based on "votes" received from the Matcher Nodes as to whether two tokens should be paired.
- Finally, the Aggregator Node returns the list of token pairs to the Senate platform, allowing Senate to assemble the full encrypted and matched attribute dataset that the Analyst has requested.
The result of this process is a “token matching table” which consists of a list of Token ID pairs (one token from the first Contributor, paired with one token from the second).
Download Senate Matching Security Whitepaper