TGX v1.0

A secure multi-tenant platform for standardized carrier evidence intake, CDR normalization, victim report corroboration, and government investigator access — with a complete immutable audit trail.
Stakeholders
Who TIGER Serves
Telecommunications Carriers
Secure incident creation and case management
CDR bulk ingestion via carrier-specific mapping profiles
Evidence upload with SHA-256 integrity verification
Controlled sharing with assigned government agencies
Government Investigators
Receive carrier-shared incident packages
Review normalized CDR records and evidence files
Correlate victim reports against call records
Manually link reports to specific CDR entries
Victims & Witnesses
Anonymous submission — no account required
Report suspicious call details and narratives
Receive a tracking token for status lookup
Submission auto-matched against carrier CDRs
Evidence Intake
What TIGER Ingests
Call Detail Records
Canonical CDR schema with per-record TGX keys
IP & Network Evidence
Source, media, and signaling IP captured per call leg
Call Recordings
Audio evidence stored in S3 with legal hold
Access & Auth Logs
Carrier authentication and session artifacts
Account Identity Data
Subscriber and account records
Payment Artifacts
Billing and transaction records linked to fraud
Victim Reports
Corroborating witness submissions with CDR matching
All normalized
Every record gets a TGX key and canonical schema before storage
Platform Capabilities
Why TIGER Matters
Immutable Evidence
SHA-256 fingerprinted files with S3 direct upload. Append-only once ingested.
Standardized Intake
Carrier CDR formats normalized into a canonical TIGER schema with per-record TGX keys.
Cross-Case Correlation
CDR keys, fingerprints, and phone number graphs link activity across incidents and carriers.
Immutable Audit Trail
Every auth, upload, assignment, and link action logged with actor, IP, and timestamp.
Role-Based Access
Carriers see only their cases. Gov sees only assigned cases. No lateral data bleed.
Victim Linkage
Heuristic auto-match + manual review ties victim submissions to specific CDR records.
Security Architecture
Controls & Access Separation
HTTPS / TLS
All traffic served over TLS via Nginx reverse proxy
JWT Authentication
HS256-signed tokens; 8-hour expiry; 401 auto-redirect
Org Isolation
Every query scoped to organization_id at the DB layer
Role-Based Access
5 roles; carrier / gov / admin routes independently guarded
S3 Presigned Upload
Browser uploads directly to S3; backend never touches file bytes
Audit Logging
30+ action types logged immutably in audit_events table
Visibility Controls
private → shared_with_agency → platform_wide per incident
Public / Staff Split
Victim portal is fully public; staff portals require auth
Prototype Status
Current Deployment Scope
Running Now
EC2: Ubuntu 22.04, single-instance, us-east-1
Frontend: Next.js 16 App Router + Turbopack via PM2
Backend: FastAPI + Uvicorn via PM2, auto-restart
Database: SQLite 3 WAL mode — zero-config, file-based
Evidence: S3-compatible presigned upload flow
TLS: HTTPS via Nginx + Let's Encrypt on tigerex.us
Auth: HS256 JWT, 8-hour tokens, RBAC enforced
Production Path
Database: Migrate SQLite → PostgreSQL on RDS (15-min change)
Evidence: Add real AWS credentials → S3 live immediately
Auth: RS256 JWT + refresh tokens; SSO/SAML carriers/gov
Scale: Uvicorn multi-worker or ECS/Fargate containers
CDN: CloudFront static assets + WAF portal endpoints
Monitoring: CloudWatch + Sentry for alerting and error capture
Compliance: FedRAMP-aligned IAM, VPC isolation, KMS at rest
TIGER prototype demonstration environment · tigerex.us · For law enforcement stakeholder review