(Dashboard screenshot: non-functional image, for illustration only.)
Icon | Operation |
---|---|
(icon) | Send an invite. Clicking it will display a menu where the invitee's information can be entered. |
(icon) | Hovering over this icon will display a dropdown containing all of the user's accounts. Clicking on an account in the listing will switch to that account. |
(icon) | Clicking on this icon will bring up Mail Stratification, highlighting the most recent and most frequent messages. |
(icon) | The display of this icon indicates a loss of connection. See Connection Loss under Local Security. |
(icon) | Clicking this icon will trigger a global search against the entries in the search bar. |
(icon) | Pressing this icon will bring up the chat dialog menu. If the menu is already up it will close it. |
(icon) | Pressing this icon will bring up the mail dialog menu. If the menu is already up it will close it. |
(icon) | Pressing this icon will display the hosting dialog. This permits hosting data that can be accessed remotely, allowing authors to update the content of previously sent mail. |
(icon) | Pressing this icon will display the LockBox dialog. LockBoxes can hold files, directories, images, and websites. An unlimited number (within reason) can be created and stored locally and/or remotely. |
(icon) | Pressing this icon will display the team create/edit/delete facilities. |
(icon) | Pressing this icon will display the search/filter facilities. |
(icon) | This icon provides an indication of network status. |
Click the invite icon on the left side of the toolbar to bring up the invitation panel. (App and agent are used interchangeably in this document.)
Fill out the form with the recipient's information and click the Invite button at the upper right of the panel. An invitation email offering the ability to join the current community will then be sent to the addressee with a clickable link.
The Codes entry is used to assign special privileges and monitoring tasks, such as the detection of foreign media.
The recipient will receive the following email in plain text.
After clicking the link, the recipient's default browser will display the following panel. The recipient enters the ID Code if they have one, otherwise their phone number, and then presses Download. They will receive a customized Agent specifically assigned to them.
Should there be an attempt to use the invitation by an unauthorized party, the following will be displayed. Of course, the invitation is useless without the ID Code.
If you do not have a Visral App already installed, the install file (setup.exe) can be located in the download directory. In that case the following is the first menu that will appear once it's installed. You will need to fill in the menu to proceed. After that the App will automatically set up your new account as well as the agent account.
Dynamic assistance will be displayed to help in choosing a safe password. It will warn you if you select a weak password, but will not prevent you from using it. It is pretty much overkill, as this password never leaves the agent.
The password created is used to unlock 256-bit randomly generated passwords that in turn are used to sign into accounts. The Master Password itself is protected with the bcrypt algorithm against attempted access by malware that winds up on the local machine.
After creating a password the agent panel will become visible.
Entry | Operation |
---|---|
*Embed | This entry brings up a file directory to select pictures from. Results are equivalent to drag and drop of images. |
*Photos | This entry brings up a file directory to select pictures from, which will be added to the end of the message. It has some advantages in that it allows enlarging the images and then stepping through them. |
Files | This entry brings up a file directory to select files from. If any files, directories, or photos are attached to the message, the folder icon will be displayed at the recipient's end. |
Directory | This entry brings up a custom directory of directories; i.e. only directories are viewable and selectable. |
Website | This entry brings up a file directory to select an HTML index file from. All HTML pages associated with the index, as well as the CSS and JS files, will be combined together and processed to create a shippable encrypted website. Some filtering is performed to remove dangerous code, and all links to external locations are intercepted to provide the user various options when run. (The same task is performed again at the recipient's end to protect against a possible rogue insider.) |
Save | This operation saves the current message under development as a draft. |
Draft | Clicking this entry will display all saved draft messages. |
Urgent | Setting this slider will cause the recipient of the message to have a red flag displayed. |
OTR | The Off-The-Record slider will cause the AES key used to encrypt the message content to be encrypted with an RSA public key belonging to the recipient of the message; i.e. only the recipient can read the message. |
Redundant | This slider causes the message to travel two completely different paths to the recipient. The only locations of potential failure are the endpoints (agents). To further enhance message integrity, messages can be automatically compared when received. |
Preview | This slider indicates whether or not a small portion of content will be visible without decryption. |
Tron | This slider indicates this is a system-level message used for monitoring the network. (It is only available to those with the proper level of privilege.) |
(icon) | Clicking this icon will send the message via legacy email. The address on the TO: line must be a valid email address. Only a single address will be accepted at a time. |
(icon) | This icon toggles the size of the dialog's message space. |
(icon) | Hovering over this icon will expose HTML components that can be dragged into the message. See below. |
(icon) | Pressing this icon will clear the dialog to its default condition. |
This illustrates the ability to add and edit various HTML elements in messages, including dragged images. Each element dropped has an outline with a small image in the upper left-hand corner, neither of which is visible on the sent message. (The image and outline can just be seen below the editing popup. A click of the right mouse button when the cursor is over the image will cause the menu to appear. Holding down the left mouse button when over the image will allow the element to be dragged to a different location.)
The Contacts listing can be displayed by either clicking on the CONTACTS button on the right or by clicking on the TO or CC line of the mail dialog menu.
Visral mail addressing can be broken down into three components: Proper Name, Community, and Account.
EBNF syntax: `[ProperName@][Community:]Account`
Team syntax: `$[<lower case alpha>]*<number><author's account>`
Component | Definition |
---|---|
ProperName | This is not used in routing, but rather provides a means to quickly identify the recipient. Also useful when a single account is shared by command and control applications, or multiple individuals. |
Community | The community component serves several purposes. Like a ZIP Code it assists in message routing. It helps identify companies and their divisions. It allows assigning various features and rights to groups. Because accounts are unique, if the community is omitted the system will determine it from the account. (Consumer variant: Communities also identify partner channels; i.e. those providing independent hosting, issuing memberships, and ...) |
Account | Account names/numbers are unique throughout the system. They are case-insensitive and can be up to 126 characters long. (Single-thread time to locate a specific account out of 100 million entries is approx. 2 µsec on a software controller.) |
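
To make the addressing rules above concrete, here is an added example in Go; it is not code from the Visral product or from this page. It parses the three address components and the `$` team form and derives the part the system routes on. Assumptions: account names contain only letters and digits (the page says only that they are case-insensitive and up to 126 characters), the author's account in the team form starts with a letter so the boundary after the team number is unambiguous, and the sample addresses are the ones that appear in the indexDB entry later on this page.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
	"strings"
)

// Address is a parsed Visral mail address: [ProperName@][Community:]Account.
type Address struct {
	ProperName string // display only; not used in routing
	Community  string // empty when omitted (the system then derives it from the account)
	Account    string // unique system-wide, case-insensitive, at most 126 characters
}

// TeamRef is a parsed team reference: $[<lower case alpha>]*<number><author's account>.
type TeamRef struct {
	Tag    string // optional lower-case alpha prefix
	Number int
	Author string // the team owner's account, lower-cased
}

// The account character set is an assumption: the page only says accounts are
// case-insensitive and up to 126 characters; letters and digits are used here.
var (
	addressRe = regexp.MustCompile(`^(?:([^@:]+)@)?(?:([^@:]+):)?([A-Za-z0-9]{1,126})$`)
	// Assumption: the author's account starts with a letter, so the boundary between
	// the team number and the account is unambiguous.
	teamRe = regexp.MustCompile(`^\$([a-z]*)([0-9]+)([A-Za-z][A-Za-z0-9]{0,125})$`)
)

// ParseAddress accepts all three forms and lower-cases the account so that two
// spellings of one account compare equal.
func ParseAddress(s string) (Address, error) {
	m := addressRe.FindStringSubmatch(strings.TrimSpace(s))
	if m == nil {
		return Address{}, fmt.Errorf("malformed address %q", s)
	}
	return Address{ProperName: m[1], Community: m[2], Account: strings.ToLower(m[3])}, nil
}

// ParseTeam parses the $-prefixed team form.
func ParseTeam(s string) (TeamRef, error) {
	m := teamRe.FindStringSubmatch(strings.TrimSpace(s))
	if m == nil {
		return TeamRef{}, fmt.Errorf("malformed team reference %q", s)
	}
	n, err := strconv.Atoi(m[2])
	if err != nil {
		return TeamRef{}, err
	}
	return TeamRef{Tag: m[1], Number: n, Author: strings.ToLower(m[3])}, nil
}

// RoutingKey is the part the system routes on: the proper name is dropped and the
// community prefix is kept only when the sender supplied it.
func (a Address) RoutingKey() string {
	if a.Community == "" {
		return a.Account
	}
	return a.Community + ":" + a.Account
}

func main() {
	// Sample addresses follow the forms in the page's indexDB sample.
	for _, s := range []string{"Frank Hope@DEVEL:ddddddfklc", "DEVEL:ddddddmagv", "DDDDDDFKLC", "bad@addr@x"} {
		a, err := ParseAddress(s)
		fmt.Printf("%-28s -> %+v route=%q err=%v\n", s, a, a.RoutingKey(), err)
	}
	tm, err := ParseTeam("$ab7ddddddfklc")
	fmt.Printf("%+v err=%v\n", tm, err)
}
```

The proper name is accepted but never reaches `RoutingKey`, which mirrors the table's note that it exists only to help a human identify the recipient.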
This is a snapshot of the Contacts slide-out. Clicking on an entry will insert the address into the TO: line of the Mail/Chat dialog menu. When the cursor passes over each entry, the associated portrait will appear.
Entry | Definition |
---|---|
TO | Clicking this button after selecting entries will insert the selected entries into the TO: line. To select an entry, click on the ball icon, which toggles between the selected and unselected state. |
CC | Clicking this button after selecting entries will insert the selected into the CC: line. |
CLR | Clicking this button will clear all selected entries. |
Entering a key word in the search bar and clicking the magnifying glass icon will list entries where the word or expression is found. (Case insensitive matching.) The results of the search will be displayed with a green background.
The date showing in the search bar indicates the most recent accounts ledger. Each community will normally have a different account ledger. (May not be true for sub-communities.) The team members of account ledgers are encrypted and only accessible by members of the particular team.
The TEAMS listing displays all teams within the current community of which the user is a member. Only teams created by the user can be edited or deleted. (Teams the user is not a member of cannot be seen.)
The MEMBERS listing displays all members of the team selected from the teams listing. (Members of teams the user is not a member of cannot be seen.)
The HOSTED listing displays all hosted packages within the current community belonging to the user.
Consumer Variant: results of global search of public communities and sub-communities.
Consumer Variant: local editable database of contact info. The particular contact is selected by clicking on the rolodex icon at the right end of the entry. The existing information will automatically be loaded when the contact entry is selected. The Update button will reinsert it plus any changes.
Click the image below to display the contact details popup.
(Although beyond the scope of this presentation, the popup itself is editable and designed to dynamically generate DB interface routines as well as the DB file structure to hold the changed or added items. The contact DB file is encrypted when not logged in to the agent.)
Select the Photos or Files entry from the dropdown and a file explorer will be presented from which to select one or more, files or images.
Photos over 100,000 bytes will automatically scale their resolution to fit within a 820x820 outline. (Result could actually be larger than 100,000 bytes.) To send larger full size images, attach them as files, which have no size restriction.
The difference between embedded images and Photos is that photos are attached to the end of the message, FaceBook fashion. Embedded images, on the other hand, are inserted into the message and can be moved around and overlaid as in a Word document, albeit in HTML.
Select the Directory entry from the dropdown and a custom directory explorer will be presented from which to select a directory to be attached.
The selection will then appear in the attachment listing of the message. Before sending, the red X can be clicked to remove the entry. (The gray button at the right end is used in the processing of transported websites.)
Stress testing successfully transported a 250 Megabyte Python system directory containing 15 thousand files and subdirectories. As with all messages, the entire package was encrypted during transport, up to the time of display or reassignment.
Website generation involves a number of automated processing stages.
First select Website from the Attach dropdown.
The file explorer will appear, from which you locate the folder of the website to be attached. Then click on the index.html file of the site.
The location of the index.html file will be shown in the attachment listing.
To proceed with processing the site, click the gray button at the right side of the listed entry. The agent will automatically scan and process all files and subdirectories within the directory the index.html is located in. When processing is complete the resultant site will be displayed in a separate browser tab.
(The website process will insert and modify HTML and JavaScript code.)
The VU number is automatically generated by the Controller. This is to guarantee system uniqueness. The Title is required to allow user identification of the package.
Sharing provides a means to limit access to hosted items.
Updating the package. First click the Rewrite entry on the dropdown of the specific message to be updated. It will fill the dialog with the current information. Create a new message by attaching items. Press Upload when ready to update. Now anytime anyone accesses that package, they will receive the latest content.
The Retrieve entry will retrieve the hosted package from the transfer station. This is different from clicking the folder in that the folder downloads a temporary copy that is scrubbed when done examining.
The Expunge entry will remove the package from the transfer station, references from the controller, and any local references.
Entry | Operation |
---|---|
(icon) | The folder icon indicates that attached files, directories, and/or images are available by clicking it. |
(icon) | The website icon indicates that the message has an attached website, which may be accessed by clicking it. |
Any content represented in the listings below are held in a location which is completely scrubbed when no longer accessed. This is why if they are to be used later, they must be saved to a user accessible location.
Clicking the website icon will display the attached site in a new browser tab. Numerous feedback features allow communicating with the author via forms and other mechanisms. (The author can reassign the destination of the responses to other sites.)
A hosted item is identified by a VU number. In exchange for the VU#, the controller will return the URL / directory / filename / password, enabling an agent to retrieve the item if the requester has the right. If the user does not click on the VU title in the displayed tree, the agent does not contact the controller and hence does not get the item.
If it is double-clicked, the item is retrieved, given a timestamp ID, and stored locally (not in a DB). This is what happens when the “test upload345ert._sio” below is double-clicked. The Retrieved line indicates the operation has completed (and signals not to retrieve again).
At this point the item is stored on the agent(RAM) because it is necessary to get to the decrypted content. When this window is closed the item is shredded from the agent; i.e. it is only in temporary store. If the user revisits the mail with the hosting reference at a later time, he will get the latest copy of the item.
If one wants a copy, simply follow the directions above for saving files.
Entry | Operation |
---|---|
Reply Chat | This brings up the Chat dialog with the address of the sender inserted into the TO: line. |
Reply Chat All | This brings up the Chat dialog with the address of the sender plus anyone else who received this message inserted into the TO: line. |
Reply | This brings up the Mail dialog with the address of the sender inserted into the TO: line. |
Reply With | This brings up the Mail dialog with the address of the sender inserted into the TO: line, plus a decrypted copy of the content of the message being replied to. |
Reply All | This brings up the Mail dialog with the address of the sender inserted into the TO: line, plus a copy of the CC: line. |
Reply All With | This brings up the Mail dialog with the address of the sender inserted into the TO: line, plus a copy of the CC: line, as well as a decrypted copy of the content of the message being replied to. |
Forward | Decrypt and copy the content of the message being replied to into the message portion of the mail. |
Full Page | Decrypt and show the contents of the message in an expanded display. (Display includes time it was sent, time it was received, all those who received it, and a list of all attachments.) |
Add User | Consumer Variant: Add this user to Rolodex of contacts. |
Block User | Consumer Variant: Block this user. |
Vocalize | Consumer Variant: Vocalize the decrypted contents of this message. |
 | Print the decrypted contents of the message. |
The gray items are sources of messages. The blue are filter flags. As an example, F7 (DELETE) says list all Mail and Chat messages that have the delete flag set.
Sequences permit assembling listings out of various filter specifications. (A message is listed only once even if the filter specifies it at multiple stages; i.e. the first filter has the highest priority.)
This drop-down provides a short cut to the most frequently used filters. (Filter specifications and filter titles are user programmable.)
Filter specifications are stored in the local index database and would appear similar to:
`<intact idx="_ffffffff_9" clrance="LOADED" msg="CHAT MAIL [N:All] "/>`
Click the mag glass icon on the subject line and a list of all messages with matching subjects will be shown. (The subject search looks for a 100% match of the subject line, whereas the broad filter search above accepts partial case-insensitive matches of words or expressions.)
Click the mag glass icon on the FROM line (only on Chat messages) and a list of all messages with matching accounts will be shown. When searching, it looks to match the group conversation. In other words, if there are three members in a conversation, it will seek out messages, sent and received, with those three and only those three.
Accounts can be assembled into a team that is owned by the originator. Teams allow sending a message to one account and having it distributed across many accounts. It also permits selectively listing together all messages associated with the particular conversation or project.
Accounts can be added to or removed from a team, but only by the team originator (owner). The team can also be renamed, deleted, or have a team profile attached to it. Again, only by the owner of the team.
When a message is sent to a team, the controller handles validation and the distribution to other members.
Sending a message to a team account will cause the controller to distribute the message to all members of the team. (The agent sends only a single copy to the controller and it is the controller who validates every party in the transaction.)
Unlike typical messaging systems, Visral does not send a low-quality image of the sender with every message. Rather, account portraits are maintained on a transfer server. When a message is received, the local portrait cache is checked to see if there is already an up-to-date copy. If not, a fresh copy is pulled from the server. (A portrait date accompanies the message to facilitate always presenting the most current image. If a portrait is changed, all previous messages from the same author will display the most recent image once a message carrying the new picture has been received.)
Clicking on a portrait will display it in an enlarged format, allowing for the presentation of significantly more information.
A single click offers a lot more detail in describing in a glance who you are, your business, a project's objective, what's for sale, ......
Clicking the portrait button on the dashboard will bring up a file explorer to allow choosing an image for the account that is currently active. (Down-scaling is performed automatically for excessively large images. JPG and PNG images only.) If the message is addressed to a recipient who does not have a portrait, the following illustrates what will be displayed.
Profiles can be pulled by several different means. The location and key of profiles are kept in the controller DB. It is the controller who decides whether or not a requester can receive the profile. As an example, only members of a team can access team profiles. ...
Clicking on the From line of a message will display the profile of the author in a separate browser tab. Clicking on the home icon of the account dropdown will display the profile of the owner of that account in a separate browser tab. Clicking on the pencil icon of the account dropdown will pull the profile of the owner into the Profile menu for creating or editing. Clicking on the home icon of a Contact entry will display the profile of that particular user.
The profile menu can be entered by clicking on the specific pencil within the account menu.
Doing so will expose the profile menu containing the profile of the selected account. If the account is different from the current one, accounts will be switched.
Various items can be attached to a profile. ...
Editing the Default Profile. A default profile is created automatically when a new account is added.
Operation | Description |
---|---|
Login | Select the account from the dropdown. Enter the Master Password followed by a carriage return, or click Login. Subsequent executions of the App will display the previously active account in the dropdown. |
Select account | If already logged in when selected, the account will change to the new one. The selection on the dashboard will also reflect the change. |
Logout | Enter standby (the Control Panel remains open). |
Close | Close the application. |
Set Password | To change the password, click the Set Password tab on the Properties menu, located in the Control Panel Services dropdown. Dynamic assistance will be displayed to help in choosing a safe password. It will warn you if you select a weak password, but will not prevent you from using it. It is pretty much overkill, as this password never leaves the agent. The password created is used to unlock 256-bit randomly generated passwords that in turn are used to sign into accounts. The Master Password itself is protected with the bcrypt algorithm against attempted access by malware that winds up on the local machine. |
Q&A | The password and the Q&A entry can be changed by selecting the Set Password tab in the Properties menu. (Q&A will need to be reentered.) |
Operation | Description |
---|---|
Deactivate Account | Remove the account. Password confirmation is required with this operation. |
Retrieve Profile | Download and display the profile associated with this account in a separate browser tab. |
Edit Profile | |

Operation | Description |
---|---|
Account Selection | |
Run Offline | |
Operation | Display |
---|---|
Text | All sent and received messages associated with the account. |
(icon) | Unread messages associated with the account. |
(icon) | Received messages associated with the account. |
Folder access is found on the right side of the dashboard backplane. Up to 255 folders can be supported.
Folder messages are displayed by simply clicking on the folder of interest.
Messages, including hosted and lockboxes, are moved to a folder by drag and drop. The same message can be included in up to three different folders at the same time. This allows for more flexible sorting and recovery.
Files may also be dragged and dropped into folders. They will be encrypted along with all other information when logged out. The messages reflecting them have a unique appearance when the folder is displayed, and can be retrieved at that time.
Folders are named by right clicking on the particular one of interest.
The folder slider allows messages previously moved to folders to be indicated in the source listing. A message can be moved to and reside in more than one folder at the same time.
Clicking the Advanced button of the context menu will bring up folder options such as automated forwarding and author/message validation; i.e. the author actually sent the particular message.
Over and above attachments (photos, files, directories, websites/pages, and hosted content), there are numerous ways to create messages.
There is an indication on the sent message as to when the recipient has accessed it. The green bar to the left of the sent message indicates it was read by the recipient.
This acknowledgment does not apply to team messages, and only in response to access by the primary recipient; i.e. not to others on the TO or CC list.
The full display of the sent message before the recipient read it.
The full display of the sent message shows the time it was read.
Signaled if a message intended strictly for a team has been forwarded outside the for-eyes-only group.
LockBoxes can hold messages, files, directories, images, and websites. They can be stored locally and/or remotely, and moved or copied to folders. Within reason, they are unlimited and can be associated with communities and accounts.
They are given a user created title as well as a system generated reference number. As with messages, they can be dragged and dropped into folders.
This software package permits locally hosting and protecting critical content from ransomware attacks. It requires a dedicated PC (a server is not required) and a router with port-forwarding functionality. The agent can be configured to back up content on schedules.
The backup process produces and encrypts packages of selected content without overwriting previously saved content for configured periods of time. Saved packages can be viewed and recovered through the agent. The listing indicates the status (whether hostile encryption is present) of each saved package. ...
To connect to a public channel, just select the assigned public account as would be done with any other account.
Upon the receipt of an incoming message, a two second notification will be displayed in the lower right corner of the display. The name of the sender will be presented.
Visral's messaging architecture utilizes two communication channels to deliver content. The first delivers an encrypted package to a transfer server (two or more servers in the case of redundancy). The package may contain combinations of various files, images, directories, websites, web pages, and pointers to remotely hosted items.
The second channel carries an encrypted descriptor which identifies the author, destinations, package location, and its key. The controller processes the descriptor, ultimately queuing a re-encrypted descriptor for pickup by the destination agents. These descriptors have a flexible structure permitting configuring video channels, choosing encryption protocols, and ...
The system design is such that if the source code to the agent and controller were made public, it would provide no assistance in penetrating the system or data security. In fact, the design assumes the agent cannot be trusted, as illustrated by the fact that websites are scanned/processed both before being sent and after arrival.
Should a user's machine and their Master Password (and any set PINs) be stolen, only that user info would be at risk. And, because the identity of each account is known and required, management has the power to lock all access to that info using the Master Key; even on the compromised machine.
1. When an Agent connects with a Community it begins by contacting the Greeter website. There it identifies itself and retrieves an IP address, the relevant port numbers, a preamble signing expression, and a public RSA signature, all of which are required for connecting to a Controller. It leaves behind its source IP address for further security processing.
2. The Agent then connects to the Controller and utilizes a dynamically changing RSA 2048 based protocol to establish its identity and validate the identity of the Controller. (During the Agent registration process, an RSA 4096 signature is used.)
3. The Controller establishes a unique AES 256 encrypted channel with the Agent and provides a URL for the transfer server associated with the selected Community. If this secure channel is in use for an extended amount of time, a process is triggered to reestablish the connection with a new AES key by reentering step 2.
For maximum security there is no admin-level privilege. Modifications to operating behavior require C coding and recompilation. Infusion of mods and updates requires offline operations and a non-Visral channel.
In the case of the Consumer Variant, a user-provided URL may be used for a transfer server. A PHP code generator is included in the agent for this purpose. This permits embedding hidden code into an existing website without interfering with its normal functionality.
The system is non-session based; i.e. send and forget. This is partly possible because the agent acts as a custom local server. That means the only time communication is required with an outside resource is when data or processing is not available locally. The HTML that drives the browser is dynamically generated locally; i.e. like having a FaceBook/Twitter type server in every agent.
This obviously simplifies redundancy and the implementation of a self-mending network. It also makes the implementation of a preprocessing anti-flooding solution feasible.
The consumer configuration allows content providers to secure and maintain ownership of their property. Providers are able to regulate those accounts that can access the content. ...
The consumer architecture permits an unlimited number of transfer servers owned by individual content creators permitting secure hosting of their offerings. Free PHP code is provided to allow anyone to offer content. This feature can be hidden within an owner's already existing website. ...
Connection validation: Each controller the user uses will go through the same procedure. Each connection is maintained until the agent shuts down or goes off-line. Connections to accounts execute a different procedure after the agent has confirmed the controller connection. See Flow Diagrams for more details.
Visral is designed to provide protection for distributed process and industrial systems. Provides assets for securely delivering control and measurement variables across networks. Facilitates redundant and confirmed communications between identified and registered endpoints, safeguarding against intrusions and attacks.
Sample of a decrypted XML entry from the indexDB file. (Further message specific information is included within the encrypted content file.)
`<intact idx="_61420897_0" encrypt="Kwmniz+FFWaMgt4V5B3vYkdlQZOmWCSpPoBWuvJMT1Q=" msg="cG9rZSgmcXVvdDt2UnVuaXQlYyVzJnF1b3Q7LCAyLCAmcXVvdD..." ctime="_6142088f_0" visitor="Frank Hope@DEVEL:ddddddfklc" team="Frank Hope@DEVEL:ddddddmagv" clrance="" subject="UkU6IHNjcmlwdA==" flags="01040002" type="00000000" note="" files="" outbox=""/>`
The indexDB file also holds other operational parameters such as filter definitions, video connection parameters, and remote automation control.
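The filter definition shown earlier and the message entry above use the same `<intact>` element with different attribute sets. The Go program below is an added example, not Visral's own code: it unmarshals both samples, decodes the base64 `subject` and the `msg` value (which the page shows truncated with "..."), checks the size of the `encrypt` attribute, and splits the `idx`/`ctime` identifiers. Assumptions, marked in the comments: the hex part of those identifiers is a Unix timestamp, `encrypt` holds a 32-byte content key, and a filter entry is recognised by the absence of `encrypt` and `subject`. Attributes the sample leaves empty (note, files, outbox) are ignored. The decoded `msg` prefix turns out to be an HTML-escaped `poke(...)` call, the command form listed in the dashboard command table later on this page.

```go
package main

import (
	"encoding/base64"
	"encoding/xml"
	"fmt"
	"strconv"
	"strings"
)

// IntactEntry mirrors the attributes of an <intact .../> element as it appears on the
// page. Message entries fill most attributes; filter definitions carry only idx,
// clrance and msg. Attributes not listed here (note, files, outbox) are ignored.
type IntactEntry struct {
	XMLName xml.Name `xml:"intact"`
	Idx     string   `xml:"idx,attr"`
	Encrypt string   `xml:"encrypt,attr"`
	Msg     string   `xml:"msg,attr"`
	Ctime   string   `xml:"ctime,attr"`
	Visitor string   `xml:"visitor,attr"`
	Team    string   `xml:"team,attr"`
	Clrance string   `xml:"clrance,attr"`
	Subject string   `xml:"subject,attr"`
	Flags   string   `xml:"flags,attr"`
	Type    string   `xml:"type,attr"`
}

// ParseIntact unmarshals one entry.
func ParseIntact(s string) (IntactEntry, error) {
	var e IntactEntry
	err := xml.Unmarshal([]byte(s), &e)
	return e, err
}

// IsFilter reports whether the entry is a filter definition rather than a message.
// Assumption from the two samples: filters have no encrypt and no subject attribute.
func (e IntactEntry) IsFilter() bool { return e.Encrypt == "" && e.Subject == "" }

// ContentKey decodes the encrypt attribute; the sample decodes to 32 bytes, the size
// of an AES-256 key (assumption: that is what the attribute holds).
func (e IntactEntry) ContentKey() ([]byte, error) {
	return base64.StdEncoding.DecodeString(e.Encrypt)
}

// DecodeB64Prefix decodes a base64 attribute such as subject or msg. A value the page
// shows truncated with "..." is decoded up to its last complete 4-character group.
func DecodeB64Prefix(v string) (string, error) {
	v = strings.TrimSuffix(v, "...")
	v = v[:len(v)-len(v)%4]
	b, err := base64.StdEncoding.DecodeString(v)
	return string(b), err
}

// ParseHexID splits an id like "_61420897_0" into its hex number and sequence part.
// Assumption: the hex part is Unix seconds (0x61420897 = 1631717527, i.e.
// 2021-09-15T14:52:07Z); in the sample ctime is 8 seconds earlier than idx, which fits.
func ParseHexID(id string) (int64, int, error) {
	parts := strings.Split(strings.TrimPrefix(id, "_"), "_")
	if len(parts) != 2 {
		return 0, 0, fmt.Errorf("unexpected id %q", id)
	}
	secs, err := strconv.ParseInt(parts[0], 16, 64)
	if err != nil {
		return 0, 0, err
	}
	seq, err := strconv.Atoi(parts[1])
	return secs, seq, err
}

func main() {
	// Both samples are copied from the page (the msg value is truncated there).
	samples := []string{
		`<intact idx="_ffffffff_9" clrance="LOADED" msg="CHAT MAIL [N:All] "/>`,
		`<intact idx="_61420897_0" encrypt="Kwmniz+FFWaMgt4V5B3vYkdlQZOmWCSpPoBWuvJMT1Q=" msg="cG9rZSgmcXVvdDt2UnVuaXQlYyVzJnF1b3Q7LCAyLCAmcXVvdD..." ctime="_6142088f_0" visitor="Frank Hope@DEVEL:ddddddfklc" team="Frank Hope@DEVEL:ddddddmagv" clrance="" subject="UkU6IHNjcmlwdA==" flags="01040002" type="00000000" note="" files="" outbox=""/>`,
	}
	for _, s := range samples {
		e, err := ParseIntact(s)
		if err != nil {
			fmt.Println("parse error:", err)
			continue
		}
		if e.IsFilter() {
			fmt.Printf("filter %s: %q (state %s)\n", e.Idx, e.Msg, e.Clrance)
			continue
		}
		subj, _ := DecodeB64Prefix(e.Subject)
		body, _ := DecodeB64Prefix(e.Msg)
		secs, _, _ := ParseHexID(e.Ctime)
		fmt.Printf("message %s from %s: subject %q, created %d, body starts %q\n", e.Idx, e.Visitor, subj, secs, body)
	}
}
```

Only the index metadata is readable this way; as the page states, the message-specific detail stays inside the separately encrypted content file, and the index itself is encrypted when the agent is logged out.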
This file (contactsDB.xml) is where user added information related to particular individuals or teams is kept. (This file like all files with potentially sensitive content is encrypted when not active.)
Attribute names are generated automatically from the HTML code of the Contact Details popup, permitting rapid customization. (They are only displayed if they have an assigned value.)
Transfer stations host encrypted data packages. Each account has a randomly generated subdirectory assigned to it. Only the owner of the account has the key allowing the storing of packages in the directory. For a recipient account to retrieve a package, it must know the directory and the file name.
File names are created from 256 bit random generated numbers. In order to access the package contents, the recipient must have received a unique 256 bit password along with the directory and file names, directly from the controller over a secure channel.
With the appropriate API, existing commercial cloud storage can be used as a transfer server.
The leading characters of a package file name indicate its type, allowing accelerated processing of encrypted packages. The remaining alphanumeric characters of the name are derived from a 256-bit random number.
Prefix | Package type |
---|---|
C_ | Chat message package. |
E_ | Mail message package. |
M_ | Posted message package. |
P_ | Portrait message package. |
L_ | Lobby/Profile message package. |
F_ | Global search results package. |
I_ | Hosted message package. |
K_ | User Control Access Key. |
T_ | Inter-Controller Transfer Certify message. |
X_ | Add duplicate machine message. |
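
To show how the two delivery channels, the OTR slider from the Attach table, and the transfer-station naming above fit together, here is an added Go model; it is not code from the Visral agent or controller. Channel 1 seals the package under a fresh AES-256 key and stores it under a random 256-bit directory and an `E_`-prefixed 256-bit random file name, exactly the form of name the table describes. Channel 2 is the descriptor carrying that key. With OTR the key is first wrapped with RSA-OAEP to the recipient's public key, so a party that holds the descriptor but not the private key cannot open the package. Assumptions: AES-GCM and RSA-OAEP are the modes chosen here (the page states only AES 256 and RSA 2048), the in-memory station, the Descriptor struct and all function names are this example's own, and the sample account is the one from the page's indexDB entry.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Station stands in for the transfer server (assumption): the key is "<dir>/<file>",
// and a package can only be fetched by naming its directory and file exactly.
type Station map[string][]byte

// mustRandom returns n bytes from crypto/rand; failure is unrecoverable here.
func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// randomHex returns a 256-bit random number as hex, the source of directory and
// file names on the page's transfer stations.
func randomHex() string { return hex.EncodeToString(mustRandom(32)) }

// NewRecipientKey generates the recipient's RSA 2048 key pair (demo helper).
func NewRecipientKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// Descriptor is the channel-2 record the controller forwards to recipients. Key is
// the raw AES-256 package key, or that key wrapped with RSA-OAEP when OTR is set.
type Descriptor struct {
	Author, Dir, File string
	Key               []byte
	OTR               bool
}

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Send models the author's agent. Channel 1: the package, sealed under a fresh 256-bit
// key, is stored under an "E_" (mail) prefix plus a 256-bit random name. Channel 2: the
// descriptor. With OTR the key is wrapped to the recipient's public key first.
func Send(st Station, author, dir string, content []byte, otr bool, recipient *rsa.PublicKey) (Descriptor, error) {
	key := mustRandom(32)
	gcm, err := gcmFor(key)
	if err != nil {
		return Descriptor{}, err
	}
	nonce := mustRandom(gcm.NonceSize())
	name := "E_" + randomHex()
	st[dir+"/"+name] = gcm.Seal(nonce, nonce, content, nil) // nonce prepended to ciphertext
	d := Descriptor{Author: author, Dir: dir, File: name, Key: key, OTR: otr}
	if otr {
		d.Key, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, key, nil)
	}
	return d, err
}

// Receive models any holder of a descriptor: the recipient passes its private key;
// an intermediary that merely relayed the descriptor passes nil.
func Receive(st Station, d Descriptor, priv *rsa.PrivateKey) ([]byte, error) {
	blob, ok := st[d.Dir+"/"+d.File]
	if !ok {
		return nil, errors.New("no such package")
	}
	key := d.Key
	if d.OTR {
		if priv == nil {
			return nil, errors.New("OTR package: key is wrapped to the recipient's private key")
		}
		var err error
		if key, err = rsa.DecryptOAEP(sha256.New(), nil, priv, d.Key, nil); err != nil {
			return nil, err
		}
	}
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("package too short")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], nil)
}

func main() {
	st := Station{}
	recipient, _ := NewRecipientKey()
	d, _ := Send(st, "DEVEL:ddddddfklc", randomHex(), []byte("hello"), true, &recipient.PublicKey)
	pt, err := Receive(st, d, recipient)
	fmt.Printf("recipient reads %q (%v)\n", pt, err)
	_, err = Receive(st, d, nil)
	fmt.Println("descriptor holder without the private key:", err)
}
```

Without OTR the descriptor carries the raw package key, so the security of the message rests on the controller channel; with OTR the controller still learns where the package is and who it is for, but not its contents, which is the distinction the Attach table draws.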
Content providers can host their own transfer server embedded and hidden within an existing website. Besides preserving ownership of proprietary property, it protects conversations, facilitating such things as controlling who can access the content, charging for access, and protecting against hostile-state or three-letter-agency snooping. (Think TikTok and the CCP, or FaceBook and the FBI.)
The Visral platform was designed to support 100 million accounts (64 billion max), with account signatures up to 126 characters. Worst case single thread detection time in a fully populated DB is 2 to 4 microseconds. The ability to handle 5,000 new messages per second and delivery of 300,000 per second with minimum hardware is a result of the sessionless piped architecture.
The browser is primarily used as an input/output device; i.e. it is leveraged for its graphics capability and for the ability to rapidly develop custom dashboards. Different dashboards can be associated with different accounts, as well as adapted to different operating systems.
All communications, redundancy, and state protocols are processed by the Agent. Secured local data, as well as the various forms of encryption/decryption are handled by the Agent.
In the case of Visral-transported websites, they are processed by the agent to remove threatening content and displayed on a separate tab for isolation.
The communications between the agent and the browser use a dedicated websocket connection. This requires a special realization, as numerous browsers do not seem to implement websockets completely or correctly.
Command | Description |
---|---|
poke(operation␂target{␂value}*) | Agent side issued command |
poke("vRunit␂function") | Remotely running JS function [WaitForSingleObject(hEventForm); i.e. wait until completed] |
setTerm(operation{,value}+) value::=subvalue{"\|"\|~subvalue}* | Browser side issued command or browser returning values |
As can be seen below, the Visral dashboard runs off of a local host.
Setting | Description |
---|---|
Inactivity Timeout | Time after which dashboard inactivity will trigger its closure and the agent will go into standby. Requires reentering the Master Password to open the agent. |
Auto Shutdown | Time after which the agent in standby will shut down. |
Short Poll Timer | Time after which web socket non-response will trigger backup via a polling cycle. |
Bridges allow connecting between various messaging services. Visral's high level of security allows it to connect and send through just about any other service. However, receiving messages from another service requires an understanding of the potential risks.
Standard outgoing email bridge is included.
Full Redundancy with no single point of failure except endpoints. This architecture permits the agent to automatically compare both messages against one another to check for attempted hacks.
Used in securing Master Password, answers of questions, PINs, controller 256 bit passwords, and...
Used in generating bcrypt mode two results.
Session assignment and refresh: randomized 2048; Initial connection clearance: 3072 or 4096 (for certifying ends);
Employed in key chains where multidimensional keys enhance security.
Hash-based Message Authentication Code. All content and connection messages employ HMAC.
Several communication commands (Signin, Invite, Vacant) use computational puzzles as an added layer of protection. (Prime cracker.)
Agents and Controllers maintain multidimensional One Time PADs to validate account sign-ins.
Cookies are NOT used for any purpose, as secure connections do not involve browsers or servers. This removes one of the most common MFA-bypass attack vectors.
Driven by either a websocket signal (encrypted) from a controller or an agent timer, a recon operation is initiated to retrieve a descriptor from a controller output channel. The descriptor is decrypted into three components: fromwho, towhom, and pkg.
The pkg component was encrypted by the controller with the activate (AVATE) key of the target account. The components are combined with a timestamp and stored in the indexDB array. At the same time the timestamp and towhom (account) components are entered into the INBOX queue for processing by the IOmessage scheduler.
(Missing from the diagram below is an input queue on the TCP connection.) The next stage involves decrypting the package and extracting the information required for realtime processing, after which the decrypted package is shredded. The package key is further encrypted with a derivation of the master password and master key.
The direct install enables getting started with Visral without being invited by an existing member. Begin by downloading the Gate application from the download page of the Gopaq.com website.
The Gate application provides a facility for downloading the Agent directly. The password is not processed by the application but rather sent to the controller to be validated. Along with the password, various information about the requesting machine is provided to allow dynamic customization of the Agent.
When the Gate has finished downloading, the following screen will appear. To proceed with the installation of the Agent, press Yes. (Your particular AV software may interject other menus you'll need to step through.)
At this point you have installed the agent but have not yet registered the agent or an account.
To proceed with registering the agent and an account, click the account icon.
Now fill out the application and hit Create.
A confirming email will be sent to the address included in the application. The received email will appear as follows.
Welcome to the Visral secure network.
Your account has been reserved for you.
Please copy the activation code below to the certification page.
dddddd5uyl=0.65bNMIrmEp1Jqm4kA2Kfkmnmfzsgo4uMNf9pEq9u8rWgq9xHUbVx6mtiFZL63HZxT+uOngrvTfpJjCvmlLJrq1kWhuBOB44HuJTLwWSrb0E=
Thanks for joining us.
If you did not register a Visral account please ignore this email.
Copy and paste the Authorization Code into the space provided, enter the ID Code you were provided, and then click Certify. (The Auth codes in this example were done at a different time and do not match.)
This operation will register your new account and it will register your agent if has not already been registered.
There are many reasons a connection may go down: the internal network, the WiFi, the ISP, power somewhere along the line, and the list goes on. Most often it is out of your control. The question is how your comm application handles the situation. Some of the best known go absolutely berserk. Visral analyses the surrounding conditions and plots the most graceful resolution.
If your network connection has gone down an antenna icon will appear at the end of the global search window. At this time the agent will go off line and a popup will appear in the lower right corner of the screen to get your attention. Clicking on the icon will initiate an attempted reconnect.
During the time a recovery connection is in process, a progress bar is displayed indicating it is working on it. When the connection has been re-established, the icon will disappear. In the meantime normal operations can continue in offline mode.
Features are tested at three points to prevent attempted hacking. As an example: an icon on the dashboard intended to trigger a specific system activity must pass through three levels of scrutiny.
Setting up a personal transfer station. It can be hidden within an existing hosted website a user may already have.
Assign a private transfer Server
Step 1: Enter the Hosting address below. Ex: www.sample.com
Step 2: Set transfer directory limits in Kbytes and then generate "atrans.php". (Will ask for a temp location to save it.)
Step 3: On the actual host whose location is shown above, create a directory named "_stepper" with permission set to 755, and install the file "atrans.php" into it.
Notes: The "atrans.php" file is unique to each Channel/Community. This custom routine along with account keys allows only the owner to host packages, although others with the proper identification can access them.
Diagnostics are limited to non-runtime modeling systems and not accessible in runtime systems.
There is an event log that traces non-standard behavior.
As can be seen from the diagram, the password is actually buried within the encrypted strings. In other words, the result of correctly answering the questions is not an enable bit that exposes the password, but rather the decryption of the password. The reason for this is obvious: if the password were somewhere in the code or data, a hacker could locate it.
Bit | Position | Flag |
---|---|---|
F | X000 | Pic Attached |
E | X000 | Redundant |
D | X000 | OutBox |
C | X000 | Draft |
B | X00 | Delete |
A | X00 | Sent |
9 | X00 | Only |
8 | X00 | Urgent |
7 | X0 | Portrait |
6 | X0 | Tron |
5 | X0 | Chat |
4 | X0 | Host |
3 | X | OTR |
2 | X | |
1 | X | |
0 | X | |

Bit | Position | Flag |
---|---|---|
1F | X0000000 | User transfer Site |
1E | X0000000 | Lobby/Profile |
1D | X0000000 | Visited |
1C | X0000000 | Team |
1B | X000000 | Note as Content |
1A | X000000 | Mark for Removal |
19 | X000000 | To-Do |
18 | X000000 | System Message |
17 | X00000 | Encrypted Message |
16 | X00000 | Files Attached |
15 | X00000 | Site Attached |
14 | X0000 | |
13 | X0000 | |
12 | X0000 | |
11 | X0000 | |
10 | X0000 | |
Because the OS's memory allocation is excessively slow, both the agent and controller perform their own memory management. They do so by pulling large chunks of memory from the OS as needed and maintaining them on a free linked list from which blocks are parceled out and returned. (Memory blocks are issued on 16 byte boundaries.)
Routine | Operation |
---|---|
wrSym() | Save string and return link address. |
rdSym() | Return string at link address. (in assembly language) |
appendSym() | Append new string to existing string at link address. |
lenSym() | Return length of string at link address. |
clrSym() | Relink to free list the memory blocks at link address. |
31..28 | 27..0 |
---|---|
A | Next Address |
Data 0 (low byte first) | |
Data 1 (low byte first) | |
Data 2 (low byte first) |
31..28 | 27..0 |
---|---|
B | level |
Data 0 (low byte first) | |
Data 1 (low byte first) | |
Data 2 (low byte first) |
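As an added example (my own code, not Visral's), a compact C model of the block pool and string store just described: 16-byte blocks on a free list, word 0 split into a 4-bit type tag and 28-bit next address, and the wrSym/rdSym/appendSym/lenSym/clrSym routines over chained blocks. It assumes, since the page does not say, that tag 0xA marks a string block, that a next address of 0 ends a chain (block 0 is reserved so 0 can mean "none"), and that a string shorter than its blocks' payload is terminated by a zero byte.

```c
/* Added example, not Visral's code: 16-byte block pool + free list + string
 * store shaped like wrSym/rdSym/appendSym/lenSym/clrSym. Assumptions of mine:
 * tag 0xA = string block, next address 0 = end of chain (block 0 reserved),
 * a zero payload byte terminates a string that does not fill its blocks. */
#include <stdint.h>
#include <string.h>
#define NBLOCKS        4096      /* constructed pool: 4096 blocks * 16 bytes */
#define DATA_PER_BLOCK 12        /* words 1..3 carry 12 payload bytes        */
#define TAG_SYM        0xAu      /* the page's "A" tag: string block         */
#define NEXT_MASK      0x0FFFFFFFu
typedef struct { uint32_t w[4]; } block_t;   /* one 16-byte block */
static block_t  pool[NBLOCKS];
static uint32_t free_head;                   /* first free block, 0 = none */
/* Word 0: bits 31..28 = type tag, bits 27..0 = next block address. */
static uint32_t next_of(uint32_t a) { return pool[a].w[0] & NEXT_MASK; }
static uint32_t tag_of(uint32_t a)  { return pool[a].w[0] >> 28; }
static void set_hdr(uint32_t a, uint32_t tag, uint32_t nx) { pool[a].w[0] = (tag << 28) | (nx & NEXT_MASK); }
/* Payload byte i (0..11) sits in word 1 + i/4, low byte first. */
static void put_byte(uint32_t a, int i, uint8_t v) {
    uint32_t *w = &pool[a].w[1 + i / 4];
    int sh = 8 * (i % 4);
    *w = (*w & ~(0xFFu << sh)) | ((uint32_t)v << sh);
}
static uint8_t get_byte(uint32_t a, int i) { return (uint8_t)(pool[a].w[1 + i / 4] >> (8 * (i % 4))); }
/* Thread every block except reserved block 0 onto the free list. */
void pool_init(void) {
    for (uint32_t a = 1; a < NBLOCKS; a++) set_hdr(a, 0, a + 1 < NBLOCKS ? a + 1 : 0);
    free_head = 1;
}
size_t freeBlocks(void) {
    size_t n = 0;
    for (uint32_t a = free_head; a; a = next_of(a)) n++;
    return n;
}
static uint32_t block_alloc(uint32_t tag) {
    uint32_t a = free_head;
    if (a == 0) return 0;                          /* pool exhausted */
    free_head = next_of(a);
    set_hdr(a, tag, 0);
    memset(&pool[a].w[1], 0, DATA_PER_BLOCK);      /* no stale payload leaks */
    return a;
}
static void block_free(uint32_t a) { set_hdr(a, 0, free_head); free_head = a; }
/* clrSym: relink every block of the chain to the free list. */
void clrSym(uint32_t a) {
    while (a) { uint32_t nx = next_of(a); block_free(a); a = nx; }
}
/* lenSym: bytes up to the first zero byte or the end of the chain. */
size_t lenSym(uint32_t a) {
    size_t n = 0;
    for (; a; a = next_of(a))
        for (int i = 0; i < DATA_PER_BLOCK; i++, n++)
            if (get_byte(a, i) == 0) return n;
    return n;
}
/* appendSym: keep writing at the tail block, growing the chain as needed.
 * Returns 0 on success, -1 if a is not a string block or the pool is full. */
int appendSym(uint32_t a, const char *s) {
    if (a == 0 || tag_of(a) != TAG_SYM) return -1;
    while (next_of(a)) a = next_of(a);             /* walk to the tail block */
    int k = 0;
    while (k < DATA_PER_BLOCK && get_byte(a, k)) k++; /* first unused byte */
    for (; *s; s++, k++) {
        if (k == DATA_PER_BLOCK) {                 /* tail full: chain a new block */
            uint32_t nb = block_alloc(TAG_SYM);
            if (nb == 0) return -1;
            set_hdr(a, TAG_SYM, nb);
            a = nb; k = 0;
        }
        put_byte(a, k, (uint8_t)*s);
    }
    return 0;
}
/* wrSym: save a string and return its link address (0 on failure). */
uint32_t wrSym(const char *s) {
    uint32_t head = block_alloc(TAG_SYM);
    if (head == 0) return 0;
    if (appendSym(head, s) != 0) { clrSym(head); return 0; }
    return head;
}
/* rdSym: copy the string at a link address into out, NUL-terminated. */
size_t rdSym(uint32_t a, char *out, size_t cap) {
    size_t n = 0;
    if (cap == 0) return 0;
    if (a && tag_of(a) == TAG_SYM)
        for (; a && n + 1 < cap; a = next_of(a))
            for (int i = 0; i < DATA_PER_BLOCK && n + 1 < cap; i++) {
                uint8_t c = get_byte(a, i);
                if (c == 0) { out[n] = 0; return n; }
                out[n++] = (char)c;
            }
    out[n] = 0;
    return n;
}
```

Because a freed block gets tag 0, appendSym refuses to write through a stale link address, which is the kind of use-after-free a hand-rolled allocator otherwise makes easy.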
Routine | Operation |
---|---|
wrList() | Append to end of list |
inList() | Insert into list at location |
rdList() | Retrieve from list |
clrList() |
Routine | Operation |
---|---|
insertSibling() | |
InsertChild() |
31..28 | 27..0 |
---|---|
8 | Next Address |
Previous Address | |
head data pointer | |
tail data pointer |
31..28 | 27..0 |
---|---|
9 | Parent Address |
Previous Address | |
Data Address | |
Child Address |
Graph structures permit implementing cyclic operations as well as sharing processing functions.
The following routines are involved in packaging and unpacking encrypted messages, directories, websites, and agent content while logged out. Special techniques are employed to prevent AV software from tripping when the content contains executable files. (This is unrelated to AV applications detecting issues with executables once extracted.)
These particular routines are also used in the controller for such things as responding to requests for catalogs or when utilizing the SET protocol to interchange information between controllers.
Argument | Definition |
---|---|
file.sio | source/destination package file. |
dest directory src directory | destination/source directory. |
msgidx | Sub-directory to hold results of decryption. Typically a unique time-base value. |
decryption key encryption key | Key used to perform decryption/encryption operation. Keys are AES 256 bit and require a specialized format. |
These routines process websites, making it possible to package and transmit them. They remove dangerous code, and extract and relocate images from associated CSS files. They insert safety popups on non-local links; i.e. jumping between pages of the site is fine, while attempting to link off site offers alternatives. They intercept submit operations, allowing them to be redirected via the agent with its secure and identity facilities. All addresses of images and companion files are remapped to permit hosting by a client PC. (Does not require a server.)
Argument | Definition |
---|---|
webPath: | This value specifies the location of the directory containing the website. |
webFile: | This values identifies the website startup file. Typically "index.html". |
webDest: | This value specifies the directory into which to deposit the processed and transferable results. |
mode: | Specifies the type of processing and modifications to be applied to the website. |
This routine updates a website's accompanying CSS file to work in conjunction with transported webpages.
Argument | Definition |
---|---|
inbuf: | . |
outbuf: | . |
imgdir: | This value specifies the directory into which to deposit the transferable images. |
The following timing is for the agent, which does not have the constraints demanded of the controller; i.e. handling thousands of simultaneous transactions.
Function | µsec |
---|---|
Time to search/filter the local database. (20,000 messages requires approximately 20 milliseconds to extract all messages with the matching criteria.) | 1 per message |
Time using buildDat to compress and secure agent associated content when logged out. | 100,000 |
Typical time using buildDat to compress and secure outgoing messages. | 10,000 |
This image shows a portion of the dashboard. Visible are the Mail pop-up with TO:, CC: and subject line. Below are various options and the message to be sent. (Please excuse the automated test values.)
Under the pop-up is a scrollable listing of various messages as dictated by the filter settings.
This illustrates the ability to add and edit various HTML elements, such as the SQXL overlay above.
Clicking on the selected image will bring up the enlarged display which when using the forward and backward arrows permits stepping through each image.
Clicking the site icon if it is visible will display the attached website in another tab as illustrated below.
This web site is being generated by the agent, not a web server. It was encrypted by the author agent and transported to the recipient agent where it remains encrypted except when displayed. It is processed before leaving and after arriving to weed out potential threats. Links to pages belonging to the site operate normally, but others are intercepted and replaced by a pop-up offering further handling choices.
Pressing the DECRYPT button will unlock the message specific key which in turn will decrypt the message content to be displayed.
Pressing the COLLAPSE button will shred the message content and clear the display.
Chat messages are automatically decrypted as they are displayed.
Processing of websites allows the functional behavior of submitting forms to remain mostly unmodified except when risky code is detected. The following illustrates linking within the website. Linking outside of the website would lead to a popup menu with options to consider before committing.
Attaching websites can facilitate generating demonstrative questionnaires whose results can be accumulated and analyzed directly by the author.
In the example below, clicking on the Free Website link produces a popup offering five choices.
(The websites used in the examples on the site are from http://www.freewebsitetemplates.com.)
This illustrates the monitor window, which provides dynamic information on the operation of the agent.
Evaluator level properties
Director level properties
Feeding the controller database.
IP Header | TCP Header | preamble | pindex | AES encrypted content |
The RegAgent and NewAccount in the image below are extracted from the encrypted content. These operations are performed only once for the addition of a machine (PC) and once for each new account (independent of the number of cloned machines).
The client queue holds a list of messages intended for pickup by a particular agent/owner/machine. The channel queue holds a list of followers to be fed messages.
A backup copy of these operations is appended to a file. When the controller is restarted, that file is reloaded. Any processing such as removing deleted entries is performed at that time.
As indicated above, the descriptor is extracted from the encrypted portion of the packet. Author and recipients are validated. If they pass a series of tests, the payload is cleansed and stored in Dynamic storage while its pointer is passed on to the client queues of each recipient. Agents are notified via a websocket connection that a package is ready for pickup. (If websockets are not available, a timed cycle will probe with a request.)
If a package is available, it will be encrypted by the avate key of the particular recipient account. The outgoing descriptor will then be encrypted by the current session key of the agent/owner connection. After pickup the storage holding the package is released.
This block diagram provides a rough understanding of the controller data flow. The variations in operations make it difficult to provide a universal diagram, as can be seen from the list of commands in the following lists. The controller also has an embedded agent to permit it to perform some of its operations.
The image is a view of the controller monitoring panel on startup. Besides not relying on sessions, network connections utilize non-blocking sockets.
The controller never accesses the encrypted content to perform its operations. In fact the secured message content never comes in contact with the controller; i.e. only from agent to agent by means of non-processing transfer stations.
Controller delivered descriptor.
IP Header | TCP Header | Data |
The Visral format of the TCP Data is as follows:
preamble | pindex | AES encrypted content |
The following operations are executed after they were decrypted and the requester has been identified as having the authority.
Command | Description of AES encrypted content |
---|---|
vMessage | Message distribution descriptor author, command, key+, recipients, URL, directory, package,, community <<:Operation status |
vEmail | Re-package and send message via standard email. author, command, key+, recipients, URL, directory, package,, community |
vCertify | Part of account creation sequence. |
vRange | Used to move portions or all of database among controllers. |
vFind | |
vCatalogs | |
vAccount | Part of account creation sequence. |
vAddmachine | Assign multiple machines to an existing account. |
vSetIAN | Set uploaded hosted package info author, command, key, recipient, URL, directory, package, title, team <<:VU number |
vGetIANdb | Get hosted package info author, command, VU number <<:URL,directory,package,key |
vDeactivate | Remove an account from the controller DB. As well, this operation appends an instruction to the CSV file tracking additions, which will permit its removal when the controller is reloaded from the file. |
vPasson | Set up a team. |
vSetlobby | Configure an account's DB profile/lobby location and key. |
vPasslobby | Retrieve an account's profile/lobby info |
The following operations are executed after they were decrypted with a temporary AES key.
Command | Description |
---|---|
vSignin | Used as part of a sequence to sign into an account. dkey, account, passkey, avate, owner, <<:pindex, postkey, transURL, pkgdir, privilege, masterkey |
vJoin | Used in adding new accounts. dkey, account, password, owner <<:community, masterkey, activate |
vTransfer | Used in transferring information between controllers. |
vAcant | Used in determining availability of accounts. dkey, account, email, community, owner, ownerkey <<:conflict |
vQuickA | Used as part of a sequence to direct register an account. account, access Code, hasher, email, full name, phone, masterkey, community, , owner <<:activation code |
vConfirm | Used in transferring information between controllers. |
vRegAgent | Used in registering an agent account. |
vOpenAgent | Used in signing into an agent account. |
vAccept | Used as part of the application (agent) install sequence. |
Except for the UNAME which is limited to a maximum of 128 lower case characters, all entries are variable length, any case; i.e. unstructured. However, the total length of each DB line (UNAME, ACCESS, ..., IMAGE) must be less than 2^12.
The DB operates out of SDRAM, but is backed up with a CSV structured file. The table below illustrates one of several line assignments.
ENTRY | Description/Usage | |
---|---|---|
UNAME | Account | |
ACCESS | bcrypt code | |
HASHER | hash | |
FNAME | full name | |
PHONE | phone | |
MKEY | master key/serial#/ID Code | |
TEAM | account/team/community | |
AVATE | activate key | |
PRIV | privilege | |
OWNER | owner account | |
LOBBY | profile location/keys | |
IMAGE | portrait location/keys | |
INVITE | Invite database | |
ONEPAD | One time key arrays |
This partial list was extracted from the CSV backup file. Some of the entries contain information for accessing account profiles. The actual content stored in RAM may be somewhat different.
The page you are examining was generated by a controller. It has a limited number of actions it can perform, to reduce the chances of penetration. Its primary function is to provide explanations and offer a means to register accounts with a reasonable amount of security, prior to installation of an agent.
The server is written in C, so it is not dynamically programmable. It will process HTTP GET retrieval of png, jpg, css, js, html, and ico type files from preassigned directories.
This diagram illustrates using the SET protocol to establish a secure link between controllers.
Consumer Variant: Allows agent-less connection via any browser, albeit with fewer features and less security. (In fact, when clicking any of the buttons on this site, instructions are being issued to a remote virtual agent. However there are no responses because this instance is not registered.)
Besides being able to locate accounts, global search allows distributed hosting of searchable content.
Clicking the Searchable button on the Hosting menu will enter the hosted content into the search process. Same is true for the Profile/Lobby website generating menu.
Normally Visral does not have access to the encrypted message content. When Searchable is selected, the content is passed through an inverse hierarchical dictionary to generate a layered filtering model. Filter components are distributed to multiple nodes, with the last being the transfer directory of the owner of the content. Final validation of a global search is made there, responding to the requester via a system message as to the measure of success. (As usual, the controller has domain over all accesses.)
Generating Transfer station operating code in PHP.
Generating Greeter initial code in PHP.
Moving/updating databases/communities.
Generating controller base code and initial DB.
Privilege assignments.
Single thread | Time |
---|---|
Message processing: decrypt descriptor with AES source key plus HMAC authentication, validate source and destination, re-encrypt with AES destination key plus HMAC generation, and queue for recipient pickup. (16 threads will process approximately 1000 messages per second.) | 12 msec |
Time to validate accounts. (1 account out of 100 million.) Account names/numbers can be variable length up to 126 characters, but always unique. | 2 µsec |
Time to store a new entry or full string in the DB. | 4 µsec |
Extraction time of any entry from the DB. | 4 µsec |
Time to perform a sorted scan of the DB. | 1 µsec per entry |
Descriptors are typically less than 200 bytes in length, but can be up to 32k for special operations. The main encrypted content travels a separate channel and does not involve any processing; simply storing and retrieving. The heavy lifting is always performed by the endpoint agents.
A 64 core machine can process approximately 5000 messages/sec.
Code | Lines |
---|---|
Agent (C++) | 100,000+ |
Agent (HTML) | 8,000 |
Agent (JavaScript) | 6,000 |
Agent (CSS) | 5,000 |
Controller (C++) | 20,000 |
Controller (HTML) | 5,000 |
Controller (PHP) | 2,000 |
This is the network processor that was the genesis of Agere Inc., with its design and patents the product of this site's author.
The following is an introduction to the Visral hardware messaging engine.
Illustrative example only
Field | Criteria |
---|---|
Contacts | |
Subject | |
Preview | |
Notes |
Source | Filter |
---|---|
Mail, Chat, System | Draft, Delete, OutBox, Rec'd Only, Sent Only |

Start (GMT): |
Stop (GMT): |
If you had not already retrieved your invitation please contact support at info@visral.info.
Encrypted Username/Password local storage: To facilitate recovering a lost username and password, fill in questions and one-word answers. Then enter the current password, and press the lock.
Not all question/answers need be filled in, but those that are will need to be answered to recover information.
Assign a private transfer Server
Step 1: Enter the Hosting address below. Ex: www.sample.com
Step 2: Set transfer directory limits in Kbytes and then generate "atrans.php". (Will ask for a temp location to save it.)
Step 3: On the actual host whose location is shown above, create a directory named "_stepper" with permission set to 755, and install the file "atrans.php" into it.
Notes: The "atrans.php" file is unique to each Channel.
Add another computer to an existing account
Step 1: Before registering the new machine, enter the password for the original machine below, and press the key.
Step 2: Follow the standard registration procedure for the new machine, except use the code below as the username and the same password as the original machine. Upon completion the original username and password will permit logging on from either machine.
Add a credit card to the account: Not required. Only necessary to increase clearance level to 3.
Note: You will receive a confirmation post when complete.
Legacy email passkeys: Record a passkey to block spam from legacy email. A passkey can include up to 8 numbers and letters.
Note: Particularly useful in providing increased security against hacking of email addresses used in sensitive accounts such as banking, conventional email, and social media.
Limits: Set INBOX storage limits; after overflow the oldest is deleted. Set CHAT storage limits; after overflow the oldest is deleted. Set SENT storage limits; after overflow the oldest is deleted. Set SAVED storage limits; after overflow the oldest is deleted.
Encryption Protocols
Asymmetric encryption: Elliptical
Asymmetric encryption: Lattice (Ring-LWE)
Asymmetric encryption: RSA
Generate new keys for private asymmetric comm.
Directory Destination
Use private transfer Server
Emulate Twitter/Facebook
Allow membership request
Allow global search
Audible Notifications
Allow membership invitation
System response.
Change Password. Wait for confirmation that the change has been accepted.
Enter the recipient's name, email address, phone number, and ID code.
Clicking Invite sends an email to the recipient with a link that will permit joining your community. A personal note of up to 700 chars can be included.
Enter your name and contact information.
Create and remember an ID Code. Clicking Invite sends an email to the recipient with a link that will permit downloading the agent and account info.