Enterprise 2FA Platform on Blockchain

What we did:

  • Blockchain Development
  • Conceptualization
  • Development
  • Integrations
  • Mobile Development
  • Product Development
  • Project Management
  • UX & UI Design

Client Goals:

  • Launch a 2FA on blockchain SaaS that enterprises can trust and later resell to government buyers.
  • Keep onboarding friction low for 1 k+ end‑users.
  • Avoid long‑term vendor lock‑in and keep infrastructure cost < €1 k / month.

The Problems:

Even with a straightforward login use‑case, real‑world business constraints turn “just add 2FA” into a minefield.

Single point of failure.

Classic 2FA servers live in one data‑centre; a single breach or outage can lock out every user.

Enterprise‑grade security.

The platform had to pass independent security audits and meet Kazakhstan data‑residency rules so it could later be offered to government buyers.

Born from a pivot.

The idea started as a blockchain‑notary demo at Reactor.ua. Spotting real demand, we turned it into a convincing blueprint and pitch for a full 2FA engine within one week—showing the client it could be delivered with ease.

Legacy integration ready.

Target customers still use SOAP through the ShEP gateway; we had to plug in without forcing them to rewrite their stack.

These hurdles shaped the blueprint for a lean, blockchain‑backed 2FA platform that fixes them once and for all.

Product Evolution — From MVP to Enterprise Readiness

Phase 1 — Fast MVP (Feb → Jun 2018)

  • Intel SGX‑based PoC delivered in 4 months by a lean 4‑engineer squad.
  • Private Hyperledger Sawtooth network, REST API, Kotlin/Swift mobile apps.

Phase 2 — Cost‑Cut & Refactor (Q3 → Q4 2018)

  • Migrated to custom PBFT consensus to escape €800/mo SGX hosting.
  • Containerised micro‑services → horizontal scaling; OPEX ▼ 70 %, TPS ▲ 30 %.

Phase 3 — Performance Hardening (Q1 → Q2 2019)

  • Stress‑tests on 4 → 8 nodes, tuned batch size (100‑200 tx) & validator queues.
  • Network and blockchain parameters fine‑tuned to exceed 50 TPS commit target.

Phase 4 — Enterprise Integrations (2019 → 2021)

  • SOAP bridge to ShEP gateway, IPsec VPN compatibility across departments.
  • Added multi‑channel OTP: SMS → Telegram Bot → Firebase (FCM) Push.
  • Swagger‑based API docs for faster client adoption; passed data‑residency audit.

Phase 5 — Go‑Live & Monetisation (2022)

  • Deployed to production, pay‑per‑auth B2G SaaS for gov employees.
  • SLA 99.98 %, 1 k+ active users, 0 security incidents.

Phase 6 — Maintenance & Growth (2023 → Now)

  • 24/7 support desk, quarterly security patches, continuous SLA monitoring.
  • New features shaped by user feedback: admin dashboards, granular roles, extra auth channels.

Outcome: a vendor‑agnostic, high‑performance platform that stays cheap to run and plugs into legacy government stacks without code rewrites.

Performance & Benchmarks — Production‑Ready Figures

Nodes | REST TPS | Commit TPS | Avg Latency
4 | 1 250 | ≈ 60 | 1.8 s
8 | 850 | ≈ 80 | 1.5 s

*TPS – transactions per second.

Optimal batch size: 100‑200 tx per request.

OPEX per auth ≈ $0.0027 (8 × €10 Hetzner nodes ≈ 30 k logins / month) after PBFT migration.

Take‑away: Beats the 50 TPS & < 2 s latency targets while staying 70 % cheaper than SGX hosting.

At a Glance

A quick snapshot of the concrete, business‑level wins already achieved:

Contract Secured

Signed with the client in Feb 2018, moving from prototype to paid engagement within 30 days.

User Adoption

Over 1 k active users protected from day one; UX and capacity tuned for steady growth.

Revenue Stream

Pay‑per‑auth SaaS model (~$0.04 per login) delivers predictable B2G income.

Compliance & Security

Passed full government security audit; 0 security incidents since launch.

Reliability

Confirmed 99.98 % SLA via external monitoring over 12 months.

Roadmap Ready

Architecture supports new auth channels & white‑label roll‑outs without downtime.

Together, these numbers show a secure, revenue‑positive platform with room to scale and evolve alongside client needs.

Technical Backbone

Under the Hood

Below is the distilled tech stack that keeps the platform performant yet easy to operate. All components are open‑source, battle‑tested, and can be deployed on‑prem or in any cloud.

Blockchain Layer

  • Hyperledger Sawtooth 1.2 — modular permissioned blockchain core.
  • Custom PBFT* consensus (Go) — no SGX, no vendor lock‑in.
  • Protocol Buffers serialisation — lean payloads, quick parsing.

* – PBFT (Practical Byzantine Fault Tolerance) lets the cluster confirm transactions even if fewer than one‑third of the nodes fail or act maliciously. It gives us sub‑2 second finality without the heavy energy cost of Proof‑of‑Work.

Application Layer

  • Node.js (NestJS) micro‑services for auth & API.
  • Angular front‑ends (admin & public portals).
  • Native Mobile: Kotlin (Android) / Swift (iOS) — push‑ready.

Infrastructure

  • Docker Compose → Docker Swarm clusters (4‑8 × CX21 VMs).
  • GitLab CI ➔ zero‑downtime blue‑green deploys via Swarm stacks.
  • 256‑bit TLS everywhere; secrets in HashiCorp Vault.

Integrations

  • Government ShEP (SOAP) — legacy bridge.
  • SMS gateways (KazSMS, Infobip) — fallback channel.
  • Telegram Bot API & Firebase Cloud Messaging — instant push.

Take‑away: the backbone is fully containerised, fault‑tolerant, and DevOps‑friendly — new auth channels or extra nodes spin up in minutes, not days.

2FA Platform — Architecture Overview

Logical architecture of the 2FA platform: native clients → 2FA API → message queue → delivery channels → PBFT cluster → admin portal.

What This Demonstrates

Enterprise

We navigate strict compliance, legacy tech & high‑stakes audits.

Startups

4‑month MVP path proved in production.

Tech Teams

Deep distributed‑systems know‑how & performance tuning playbook.

Tech Stack

    • Angular
    • Docker
    • Docker Swarm
    • FCM
    • Java
    • JavaScript
    • Kotlin
    • MongoDB
    • Nginx
    • Redis
    • Spring Boot
    • UX/UI