GoDezk DIP — Deep Tech Docs v3.0
GoDezk is an Indian deep tech company building the Device Intelligence Platform (DIP) — a purpose-built AI runtime that connects physical devices to intelligent automation workflows in real time. DIP is not a camera management system, not a cloud vision API wrapper, and not a generic workflow tool. It is a three-layer platform where physical devices stream raw data into a proprietary AI perception layer, which drives a programmable multi-tenant automation engine — with biometric data protection, role-based access control, and a proprietary device communication protocol built in from day one.
Framing: GoDezk (Company) → GoDezk DIP (Platform) → MedOps / Digital Surveillance / IndustrialOps (Products)
Platform Architecture
Named Component Registry
Every major subsystem in GoDezk DIP has a named identity — following the convention established by TILP and AAIF.
| Component | Full Name | Layer | Status |
|---|---|---|---|
| DCM | Device Connection Manager | Device Layer | ✅ Production |
| PRISM | Protocol-Routing Ingestion & Standardisation Middleware | Device Layer | 🔧 In Development |
| NEXUS | Normalized Device Exchange Protocol | Device Layer | 🔬 R&D |
| TILP | Temporal Identity Locking Protocol | AI Layer | ✅ Production |
| AAIF | Adaptive AI Inference Framework | AI Layer | ✅ Production |
| ARIA | Adaptive Reactive Inference Architecture | AI Layer | 🔬 R&D |
| PEVA | Postural Event & Velocity Analyser | ARIA Lane 1 (MedOps) | 🔬 R&D |
| KINEX | Kinematic Inertial Event Extractor | ARIA Lane 2 (IMU) | 🔬 R&D |
| HERA | Heart Rate Event Analyser | ARIA Lane 3 (PPG) | 🔬 R&D |
| STASIS | Post-Fall Stillness Monitor | ARIA Fusion input | 🔬 R&D |
| Backdoor Backend | Multi-Tenant Workflow Runtime | Automation Layer | ✅ Production |
| VEIL | Verified Encrypted Identity Layer | Security / Privacy | 📐 Architecture |
| AGCD | Adaptive Git-Commit Deployer | DevOps / Deployment | ✅ Production |
Device Protocol Coverage (PRISM)
PRISM abstracts every device class into a uniform NexusEvent stream before it reaches the AI layer. AI pipelines and workflow engines are fully protocol-blind.
| Category | Protocols | Device Examples |
|---|---|---|
| Visual | RTSP H.264/H.265 | IP cameras, PTZ, dome, thermal, ANPR |
| Industrial PLC / RTU | Modbus TCP, Modbus RTU (RS-485), EtherNet/IP, Profibus | Siemens S7, Allen-Bradley, Schneider M340 |
| SCADA / DCS | OPC-UA (subscription + polling) | Ignition, WinCC, Wonderware, GE iFIX |
| Network / IT | SNMP v1, v2c, v3 (AuthPriv) | Switches, routers, UPS, PDU, meters |
| Building / Facility | BACnet/IP, BACnet MSTP | HVAC controllers, fire panels, lighting |
| IoT / Edge | MQTT, HTTP webhook, LoRaWAN, Zigbee | Sensors, gateways, smart meters |
| Medical | HL7 v2.x MLLP, DICOM C-STORE | Patient monitors, imaging, lab analysers |
| Wearables | BLE GATT (MQTT gateway) | Smartwatches, IMU tags, PPG sensors |
| Grid / Utility | DNP3, IEC 61850, M-Bus, DLMS/COSEM | Substations, grid devices, smart meters |
Product Verticals
| Vertical | Primary Use Cases | Key Devices |
|---|---|---|
| MedOps | Staff attendance, fire safety, patient fall detection (PEVA + KINEX + ARIA), zone monitoring, NABH audit trail | IP cameras, BACnet HVAC, HL7 patient monitors, RTLS tags, wearables |
| Digital Surveillance | Multi-site camera operations, ANPR, crowd analytics, perimeter intrusion, incident chain of custody | IP cameras, ANPR, RTLS, access control panels |
| IndustrialOps | Fire/smoke detection (AAIF), worker access control, OPC-UA machinery health, OT security monitoring, PPE compliance | Cameras, Modbus PLCs, OPC-UA SCADA, SNMP devices, vibration sensors |
Data Protection — VEIL
VEIL is GoDezk DIP's proprietary data protection standard. Every piece of sensitive data captured from or about a person or enrolled object is governed by VEIL.
| Protection Layer | What It Does |
|---|---|
| Capture Minimisation | Raw frames discarded after inference unless a TILP threshold event is met. Nothing stored by default. |
| Vector Encryption | Face vectors and custom object embeddings encrypted AES-256-GCM with org-scoped keys before writing to Qdrant. Plaintext never touches disk. |
| Tenant Isolation | Every Qdrant point, PostgreSQL row, and MinIO object is bound to org_id. Cross-tenant access is architecturally impossible — not just policy-enforced. |
| Consent-Gated Inference | Each enrolled identity carries consent_status: GRANTED | PENDING | REVOKED. TILP blocks inference in real time if status is REVOKED. |
| Right to Erasure | Five-step hard-delete chain: Qdrant vectors → PostgreSQL rows → MinIO media → audit mark → confirmation record. DPDP Act 2023 compliant. |
| Tamper-Evident Audit Chain | Every biometric read, write, search, or delete logged to an append-only, hash-chained audit table. |
| Device DID (R&D) | Future: W3C Decentralised Identifiers for physical devices — hardware-level proof of identity during NEXUS BIND phase. |
| Subject DID (R&D) | Future: Self-sovereign consent via Verifiable Credentials — patient presents their own DID at enrollment, not re-enrolled per hospital. |
Role-Based Access Control (RBAC)
GoDezk DIP is a multi-tenant platform. Every user action is scoped by org_id and constrained by their assigned role.
| Role | Who Uses It | Permissions |
|---|---|---|
| Platform Admin | GoDezk engineering team | Full access across all orgs. Manage platform infrastructure, org creation, billing. |
| Org Admin | Customer's IT head / operations manager | Full access within their org. Register devices, create workflows, manage users and roles, view all audit logs. |
| Workflow Designer | Operations analyst / integrator | Create, edit, and deploy workflows. Cannot manage devices or users. Cannot access other org's data. |
| Device Manager | Site engineer / IT technician | Register and configure devices, view device health and heartbeat. Cannot modify workflows or view inference data. |
| Operator | Frontline staff / security supervisor | View live dashboards and active alerts. Acknowledge and close incidents. Cannot modify any configuration. |
| Auditor / Read-Only | Compliance officer / auditor | View-only access to dashboards, execution history, and audit logs. Cannot trigger any action. |
RBAC enforcement: Every API request is validated against the user's
org_idandrolebefore execution. Role checks are enforced at the Backdoor Backend executor context — not only at the API gateway layer.
Document Index
| # | Document | What It Covers |
|---|---|---|
| Q1 | System Architecture | Three-layer platform design, all components, device ecosystem tables, fall detection use case (PEVA + KINEX + ARIA) |
| Q2 | R&D Intensity | Engineering evolution history, TILP/AAIF/PRISM/NEXUS/VEIL R&D iterations, failure-driven development evidence |
| Q3 | Proprietary IP | All named IP assets: TILP, AAIF, Backdoor Backend, Vector Registry, AGCD, Semantic Intelligence, PRISM, NEXUS, VEIL — with patent basis |
| Q4 | Technical Uncertainty | 10+ open engineering research questions across device scale, AI accuracy, protocol reliability, security, and ARIA fusion |
| Q5 | Technology Indispensability | What breaks if each layer is removed, replacement cost analysis, competitive differentiation matrix |
| Q6 | National Missions | Alignment with Digital India, Make in India, Smart Cities, National Healthcare Mission, Industrial Safety, India AI Mission |