Entrelid® Secure Channels
Technical Specification v1.1
A revolutionary approach to secure messaging that combines NATS infrastructure with RDID-secured hidden topics for cryptographically protected communication channels.

US Patent 11,531,724 & Foreign Patents

1

Definition
What Are Secure Channels?
Secure Channels are NATS communication channels where messages are transferred to endpoints by way of RDID-secured hidden topics in a pub/sub topology. Messages can also be sent to a topic queue where one of many subscribers can retrieve the message. Queued messages use at-most-once delivery; no error is raised if a queued message is never retrieved.
Messages are not persisted by default but can be programmed to persist in the Data Store when audit trails, replay capability, or durable messaging are required. This design prioritizes real-time message flow while maintaining flexibility for specific use cases. Persisted messages are stored as events in the Data Store. They persist forever unless they have been marked with an expiration. The event list is persisted in the NATS stream list and can be used to create, or bring up to date, the server's Data Store at server startup.

Core Security
RDID-Secured Hidden Topics
The foundational security mechanism of Secure Channels is the hidden topic. Unlike conventional pub/sub systems where topic names are discoverable, Secure Channel topics are cryptographically hidden using patented RDID technology.
Topic-Level Security
The RDID secures the topic itself, not just the messages on it. Security is enforced at the topic level—no topic discovery means no attack surface.
Cryptographic Invisibility
Unauthorized entities cannot discover that the topic exists. Only entities holding the correct RDID can subscribe to or publish on the topic.
Zero Attack Surface
Unauthorized access is not just denied—the topic is invisible. This eliminates the attack surface entirely for unauthorized parties.

Infrastructure
NATS Infrastructure Foundation
Secure Channels operate on NATS messaging infrastructure, leveraging its high-performance pub/sub capabilities while adding the RDID security layer. This combination delivers secure, high-throughput messaging.
NATS Transport
Provides the transport and routing infrastructure for high-performance message delivery
RDID Security Layer
Adds topic-level security and access control through cryptographic relationships
Secure Throughput
Delivers secure, high-throughput messaging without compromising performance

Architecture
Pub/Sub Topology
The primary topology is publish/subscribe. Publishers send messages to RDID-secured hidden topics; subscribers with the corresponding RDID receive those messages. This is the foundational communication pattern.
Publisher
An entity that sends messages to a hidden topic. Must hold an RDID with publish permissions.
Subscriber
An entity that receives messages from a hidden topic. Must hold an RDID with subscribe permissions.
Bidirectional
When both parties hold RDIDs with publish and subscribe permissions, communication flows both directions on the same channel.

Topic Queues for Work Distribution
For work distribution scenarios, messages can be sent to a topic queue where one of many subscribers retrieves the message. This enables load balancing across multiple consuming endpoints.
  • Multiple subscribers listen on the same topic queue
  • Each message is delivered to exactly one subscriber
  • NATS handles the distribution; RDID secures the topic
  • Suitable for microservice scaling and work distribution

Entity Model
Multi-Entity Architecture
A Secure Channel connects multiple entities through RDID relationships. Each entity has a defined role and permissions within the channel structure.
Lead Entity
The controlling entity for the Secure Channel, typically a microservice or application endpoint. Governs channel configuration and may control participant assignment.
Participating Entities
Entities assigned to the channel via RDIDs. Each RDID defines the entity's relationship to the hidden topic and its permissions. Participation is assigned, not self-elected.

Integration
Direct Client Integration
Secure Channels operate through a client library that integrates directly into applications—no sidecar proxy required. This approach reduces latency and complexity while providing more connection flexibility.
01 Direct Integration
Client library integrates directly into applications without requiring sidecar proxies
02 RDID Validation
Client library handles RDID validation and topic resolution automatically
03 Secure Publishing
Secure publish function sends messages to hidden topics with built-in protection
04 Access Templates
Templates reside in the distributed Data Network Data Stores for consistent behavior across implementations

Access Control
Permissions and Access Control
RDID Permissions
RDID registration defines permissions for each participating entity:
Read-Only (Subscribe)
Entity can subscribe to and receive messages but cannot publish
Read-Write (Publish + Subscribe)
Entity can both publish messages and subscribe to receive messages
Field-Level Access
Access control extends to field-level granularity within messages:
  • Access control templates define which fields each RDID can access
  • Different RDIDs can unlock different portions of the same message
  • Filtering runs against templates in the client library
  • Supported formats: JSON, YAML, XML, CSV, binary, and any format with an available parser
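The two permission layers on this slide worked through, as an added example that is not Entrelid's client library: each RDID entry carries subscribe/publish rights plus the dotted field paths it may read, and unlock() returns only that portion of a JSON-style message, so two RDIDs unlock different parts of the same payload. The RdidGrant shape, the RDID strings, the template and the message are all constructed assumptions.

```python
from dataclasses import dataclass

_MISSING = object()  # sentinel so a field legitimately set to None is kept

@dataclass(frozen=True)
class RdidGrant:  # assumed shape of one RDID registration entry, not the spec's
    can_subscribe: bool
    can_publish: bool
    fields: frozenset  # dotted paths this RDID may read; empty means none

# Hypothetical access-control template for one hidden topic: RDID -> grant.
TEMPLATE = {
    "rdid-billing": RdidGrant(True, True, frozenset(
        {"order.id", "order.total", "customer.card"})),
    "rdid-shipping": RdidGrant(True, False, frozenset(
        {"order.id", "customer.address"})),
}

# Constructed message as a publisher would put it on the topic.
MESSAGE = {"order": {"id": "A-17", "total": 42.5},
           "customer": {"card": "tok_4111", "address": "1 Main St"}}

def _lookup(obj, parts):
    # Walk a dotted path; return _MISSING if any segment is absent.
    for key in parts:
        if not isinstance(obj, dict) or key not in obj:
            return _MISSING
        obj = obj[key]
    return obj

def unlock(template, rdid, message):
    """Return only the fields of `message` that `rdid` may read."""
    grant = template.get(rdid)
    if grant is None or not grant.can_subscribe:
        raise PermissionError(f"{rdid}: no subscribe permission on this topic")
    visible = {}
    for path in sorted(grant.fields):  # sorted for deterministic output
        parts = path.split(".")
        value = _lookup(message, parts)
        if value is _MISSING:
            continue  # template may name fields this message lacks
        node = visible
        for key in parts[:-1]:
            node = node.setdefault(key, {})
        node[parts[-1]] = value
    return visible

def authorize_publish(template, rdid):
    """True only if the RDID is registered with publish permission."""
    grant = template.get(rdid)
    return grant is not None and grant.can_publish
```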

Persistence
Message Persistence Strategy
Messages are not persisted by default. Secure Channels are designed for real-time message flow, with optional persistence when required for specific use cases.
Default (Non-Persistent)
Messages flow from publisher to subscriber(s) and are not stored. Suitable for real-time communication, events, and transient data.
Programmed Persistence
When required, a channel can be programmed to persist messages in the Data Store. This is an explicit configuration for use cases requiring audit trails, replay capability, or durable messaging.

Provisioning
Channel Provisioning
Provisioning a Secure Channel creates the hidden topic infrastructure and configures RDID access. This is typically a DevOps function and can be integrated into CI/CD pipelines.
Invoke Provisioning
Invoke provisioning command or API to begin channel creation
Specify Lead Entity
Configure the controlling entity for the Secure Channel
Configure Topic Type
Set up standard pub/sub or topic queue configuration
Assign Participants
Register participating group entities via RDID and set permissions
Configure Persistence
Set up persistence options if required for the use case
Static Provisioning
Channels are pre-configured and persist indefinitely. Suitable for stable communication patterns.
Dynamic Provisioning
Channels are allocated on-demand during runtime. Can be configured with expiration times or destroyed when the associated function completes.

Key Differentiators
What Makes Secure Channels Unique
Secure Channels provide a fundamentally different approach to secure messaging through RDID-secured hidden topics and direct client integration.
Hidden Topic Security
RDID-secured hidden topics are undiscoverable by unauthorized entities—security through invisibility
High-Performance Transport
NATS messaging infrastructure delivers high-throughput pub/sub with topic queues for work distribution
Direct Integration
Client library integration without sidecar proxies reduces latency and complexity
Real-Time First
Non-persistent by default with optional Data Store persistence for specific use cases
Granular Access Control
Topic-level security via RDID with field-level access control through templates
Relationship-Based Security
Security is relationship-based through RDID, not identity-based or network-based
