AFCAS Gateway System — Barber Host Ltd

System Scope

Cryptographic Immutability Metadata Gateway Certificate Generation Encrypted Barcode Cards Temporal Access Tokens Vendor Verification Media Storage GPS Mapping Monthly Billing

System Overview

Architecture & Data Flow

The AFCAS Gateway sits as a secure secondary system that receives enrolled applicant metadata from the GNFS Core System. All data is cryptographically sealed into an append-only ledger — records can only be added, never modified or deleted — ensuring a tamper-proof chain of compliance for every property in Ghana.

🔥

GNFS Core System

Applicant enrolment, inspections, compliance decisions

🛡️

AFCAS Gateway

Crypto-sealed metadata, media, immutable ledger

📜

Certificate Engine

Unique URL, QR code, compliance status

💳

Licence Card

Crypto barcode, print-ready, app-verified

Stakeholders

Users & Beneficiaries

The platform serves a wide range of stakeholders across Ghana's property and fire safety ecosystem.

🏠

Property Owners

Homeowners, landlords, developers, industrial unit owners

🏪

Businesses

Shops, factories, offices, public buildings

🔑

Vendors & Agents

Estate agents, registered vendors with unique IDs

⚖️

Lawyers

Legal professionals verifying property compliance

🏗️

Land Purchasers

Buyers validating fire safety before purchase

👤

Individuals

Public citizens requesting certification checks

Capabilities

Core Platform Features

🔒

Immutable Data Ledger

All metadata cryptographically hashed and stored in an append-only database. Records cannot be altered or deleted once sealed.

🔗

Temporal Access Tokens

24-hour expiring tokens and unique links for third-party verification requests. Token usage billed monthly per vendor.

📜

Digital Certificate URL

Unique public URL per property showing house photo, GPS location, compliance devices, and fire safety status.

💳

Licence Card Printing

Print-ready card with encrypted barcode readable only by the official AFCAS verification app.

Platform Modules

System Components

The gateway is composed of five interconnected modules, each handling a distinct layer of the compliance pipeline from data ingestion to physical card output.

M1

🔥 Metadata Ingestion Engine

Secure API endpoint receiving enrolled data from GNFS Core System

Applicant identity parsing (owners, landlords, developers, businesses)

Property metadata: address, GPS coordinates, building type, usage class

Media intake: property photos, inspection images, device photos

SHA-256 hash generation for every record on ingestion

Append-only write to immutable ledger with timestamp chain

M2

🔑 Vendor Access & Token Management

Estate agent & registered vendor ID enrolment and KYC

Temporal token generation — unique links expiring in 24 hours

Token request workflow for lawyers, land purchasers, individuals

Per-token metered billing aggregated monthly per vendor

Rate limiting and abuse detection on token issuance

Audit trail for every token created, used, or expired

M3

📜 Certificate Generation Engine

Unique public URL per property (e.g. afcas.gov.gh/cert/ABC123)

Property photograph display with GPS map embed

Fire compliance device inventory with tick/status indicators

GNFS official branding and digital signature

Real-time status: Active, Expired, Under Review, Revoked

QR code linking to certificate for quick mobile verification

M4

💳 Licence Card & Crypto Barcode Printer

Print-ready card layout with property details and compliance status

Encrypted barcode using asymmetric cryptography (RSA/ECDSA)

Barcode readable only by official AFCAS mobile verification app

Card data includes certificate ID, property hash, and expiry date

Tamper-evident encoding — any modification invalidates the barcode

Batch print queue with card tracking and dispatch logging

M5

📱 Verification Mobile App

Companion app for scanning and decrypting licence card barcodes

Offline-capable with cached public key for field verification

Displays full certificate details after successful scan

Fraud detection: flags tampered, expired, or revoked cards

Available on Android and iOS for GNFS officers and public use

Geo-tagged scan logging for compliance monitoring analytics

Security Architecture

Cryptographic Security & Immutability

The entire platform is designed around a zero-trust, append-only architecture. Every record is sealed with cryptographic hashes forming an unbreakable chain — any tampering attempt is immediately detectable.

🔐

SHA-256 Hashing

Every metadata record hashed on ingestion. Hash chain links each record to its predecessor.

📝

Append-Only Ledger

Database enforces write-only policy. No UPDATE or DELETE operations permitted on sealed data.

🔑

Asymmetric Encryption

RSA/ECDSA key pairs for barcode encryption. Private key held solely by AFCAS system.

⏱️

Temporal Tokens

24-hour expiry on all access tokens. HMAC-signed with server-side validation.

🌐

TLS 1.3 Everywhere

All API communications encrypted in transit. Certificate pinning on mobile app.

📊

Audit Logging

Immutable audit trail for every system action. Tamper-evident log storage.

🔒 Encrypted Barcode Pipeline

The licence card barcode encodes a signed payload containing the certificate ID, property hash, compliance status, and expiry date. Only the official AFCAS verification app holds the public key required to decrypt and validate the barcode — making counterfeiting computationally impossible.

STEP 1

Generate certificate payload JSON

STEP 2

Sign payload with ECDSA private key

STEP 3

Encode signed data into barcode format

STEP 4

App scans → verifies signature → displays status

Digital Certificate Structure

Ghana National Fire Service

Automated Fire Safety Compliance System (AFCAS)

Certificate ID

AFCAS-2025-GH-00A7F3

Compliance Status

✓ COMPLIANT

Property Address

14 Independence Ave, Accra

Fire Devices

✓ Extinguisher · ✓ Alarm · ✓ Exit Signs

GPS Coordinates

5.5600° N, 0.1969° W

Valid Until

13 February 2026

Encrypted Verification Barcode

█▐▌█▐█▌▐▌█▐▌█▐█▌▐█▐▌█▐▌██▐▌█▐█▌▐▌█▐▌█▐█▌▐█▐▌█▐▌██▐▌█▐█▌▐▌█▐▌█ AFCAS:00A7F3:ECDSA:v1

Token Access Flow

Vendor & Third-Party Verification

Vendors, lawyers, land purchasers, and individuals can request property fire safety certification through a registered vendor ID and a temporal token system with monthly metered billing.

👤

Request

User submits vendor/agent ID + property ref

🔑

Token Issued

24hr temporal token or secure link generated

✅

Verified

Token validated against vendor account

📜

Certificate

Full certificate URL returned with status

💰

Billed

Usage metered and charged monthly

Technology

Technology Stack

⚡

Cloudflare Workers

Edge compute, global CDN

🗄️

D1 / KV / R2

Database, cache, media

🔐

Web Crypto API

ECDSA, SHA-256, HMAC

📱

React Native

iOS & Android app

🌐

Vanilla JS

Lightweight frontend

🖨️

PDF/Card Engine

Print-ready output

📡

REST API

GNFS integration

📊

Analytics

Usage & billing

Delivery

Project Timeline

A phased delivery approach across approximately 26 weeks, with each milestone producing working, testable components.

Phase	Deliverable	Duration	Status
Phase 1	Core Gateway API, Metadata Ingestion, Immutable Ledger	6 weeks	Planning
Phase 2	Token Management, Vendor Portal, Billing Engine	4 weeks	Pending
Phase 3	Certificate Generation, Public URL, QR Codes	4 weeks	Pending
Phase 4	Licence Card System, Crypto Barcode, Print Queue	4 weeks	Pending
Phase 5	Mobile Verification App (Android + iOS)	5 weeks	Pending
Phase 6	UAT, Security Audit, Deployment & Handover	3 weeks	Pending

Ready to Build?

🌐

Website

barberhost.co.uk

✉️

Email

info@barberhost.co.uk

🏢

Company

No. 16823298

AFCAS GatewaySystem