top of page

Technical Deep Dive into Cross Domain Hybrid Application (CDHA) Architecture

Updated: May 10

As discussed in our previous blog, one of the key benefits of the CDHA architecture is its support for robust two-way communication and interoperability between low and high trust domains. Let’s explore this architecture further, focusing solely on its components and functionalities. 

Data flow within the CDHA architecture begins with encryption at the client browser and that is possible because of the unique user’s keys management build as part of the CDHA. This encrypted data is then processed and verified at each step until it reaches its destination for further use. Each component within this architecture plays a crucial role in ensuring data integrity and security. Here’s a streamlined explanation of these components and their roles: 


Low Trust Domain: 

  • Client Browser: Used for all encryption and decryption activities to secure data before transmission. 

  • Low Trust Web-Based Application: Manages and formats data intended for cross-domain transfer. 

  • Low Trust Orchestrator: Coordinates data transmission through the High Assurance Gateway, ensuring compliance with security standards. 

  • Staging Database: Securely stores encrypted data until it is ready for transfer, accessible only with the correct cryptographic keys. 

  • Low Trust Messaging Service: Manages secure email communications to prevent exposure of sensitive information. 


High Assurance Gateway: 

This critical intermediary bridges the low and high trust domains. It decrypts incoming encrypted data from the low trust domain, verifies its structure against predefined schemas, and transfers validated data to the high trust domain. Non-conforming payloads are quarantined. 

High Trust Domain: 

  • High Trust Orchestrator: Receives and processes requests and data from the low trust domain via the High Assurance Gateway, facilitating secure responses. 

  • Identity & Enrollment Services: Checks user identity and verifies keys to manage registrations and key usage securely. 

  • User Management Portal & Key Management Database: This portal is a high trust domain user enrolment platform that allows the administration team to start the enrolment process for users. It gives administrators the capability to approve or deny enrolment requests and deactivate any registered users. 

  • High Trust Web-Based Application: Provides an interface for processing data received from the low trust domain, enabling analysis and handling of submitted data. 

  • Export / Release Control: The export control component is activated prior to encryption to conduct checks on the data, ensuring it is safe to transmit and adheres to predefined rules and regulations. 


In our series so far, we have explored how data is securely transferred from low trust domain to high trust domain, securely stored, and how responses are managed effectively within the CDHA architecture. It supports interoperability, allowing individuals to work efficiently and securely across domains without the need for physical presence in high trust areas. 

In our next blog, we will explore the innovative security features of CDHA, including advanced encryption and strategic security controls, to maintain data integrity and confidentiality. Stay tuned for these insights. 

Please watch our Senior Associate, Stephen Thomas, discussing this topic in-depth in this insightful video:



Commenting has been turned off.
bottom of page