Power any workflow with AI

v1.0 | March 03, 2025

Introduction

D360 AI, hosted on Microsoft Azure, is a secure AI platform for real-time intelligent document processing. While not HIPAA certified, it aligns with HIPAA and other regulatory frameworks, offering configurable compliance options.

System Architecture

Built on Azure Kubernetes Service (AKS) for containerized deployments with auto-scaling and high availability. Containers in Azure Container Registry are continuously scanned for security.

Client Data Isolation

  • Subscriptions: Dedicated Azure Subscriptions per client.
  • Access: Restricted to SOW-defined personnel.

Data Handling

  • Ingestion: Encrypted with TLS 1.3 on upload.
  • Processing: Handled in isolated containers with self-hosted OCR.
  • Storage: Limited to metadata (e.g., logins, run IDs) in PostgreSQL.
  • Deletion: Non-essential data auto-deleted within 48 hours.

Processing Security

  • Isolation: Runs in AKS containers.
  • Zero-Trust: Continuous verification with Azure Security Center.
  • Encryption: End-to-end protection.

Storage Security

Azure Blob Storage with AES-256 at rest and TLS 1.3 in transit for temporary, encrypted storage.

API Security

Internal API system within AKS ensures secure, high-performance communication without external management services.

Compliance Framework

Designed to align with HIPAA and other regulations through audits, privacy controls, and zero-retention agreements where applicable.

Disaster Recovery

Multi-zone Azure Availability Zones and Azure Backup ensure high availability and data integrity.

Future Enhancements

Planned Azure AD integration for SSO and advanced security features.

Integration Overview (KTA → D360 AI)

D360 AI exposes simple REST endpoints that Kofax TotalAgility (KTA) can call over HTTPS. KTA sends a document, D360 AI classifies it, performs OCR using the D360AI Intelligent OCR or client’s Document Intelligence account, extracts fields with the D360 AI Inference Service, and returns structured JSON.

  • Caller: KTA workflow (REST activity)
  • OCR: D360 AI Intelligent OCR or Client-owned Document Intelligence ex: Azure , Google etc (endpoint + key)
  • Inference: D360 AI Inference Service
  • Transport: TLS 1.2+ with Bearer token
  • Response: JSON results, optional async callbacks

Supported Inputs & Outputs

Inputs

  • PDF (text or scanned), TIFF, JPEG/PNG, DOCX, XLSX, EML/MSG (converted), common images
  • Size: up to ~100 MB per file by default (configurable)
  • Multipage PDFs fully supported

Outputs

  • JSON (default)
  • Optional QA images (PNG) with field bounding boxes

Example Categories

IDs, paystubs, bank statements, W-2/1099, invoices, purchase agreements, title documents, medical records, clinical notes (SOAP), EOBs, claim packets. Custom schemas are supported and mapped to your field list.

API Basics (for KTA)

Authentication

Use a Bearer token over TLS 1.2+: Authorization: Bearer <D360_API_KEY>

KTA Integration Notes

  • Use a REST Web Service activity to call /v1/extract or /v1/jobs.
  • Map D360 AI JSON to KTA process variables; store request_id/job_id for audit.
  • For async: configure an HTTP Listener in KTA to receive callbacks, verify signature if enabled, then continue the workflow.
  • Retries: recommend 3 attempts with exponential backoff for transient 429/5xx.

Operations & Data Handling

  • Data Retention: Minimal run metadata by default; temp artifacts auto-purged on a short TTL (configurable).
  • Access Control: Enforce RBAC; rotate D360_API_KEY periodically.
  • Scaling: Increase GPU replicas first for latency, then CPU replicas for preprocessing/IO.