Post-Quantum communications for regulated environments. Zero-Knowledge architecture. Metadata-free routing.
Visk Ops is the sovereign deployment path for high-assurance operators. It separates government and regulated environments from the consumer network by using dedicated infrastructure and customer-operated ZK-RAM relay servers with local policy control.
Single-tenant infrastructure, hosted inside your environment. Visk Ops provides a sovereign deployment with no reliance on shared public relays. Web sessions are linked to the app via an encrypted tunnel so infrastructure never processes plaintext.
Ops traffic stays isolated from the consumer network. The ops network is built for high-assurance separation: ingress, egress, and peering are controlled by your policy, and federation with consumer relays is not assumed.
Your ZK-RAM relays, your operational settings. Operate your own relay servers and define routing boundaries, retention windows, and security policy locally for controlled, metadata-minimized message relay.
Data residency follows your deployment location. Data locality is determined by your chosen region and hosting model, supporting sovereign deployment requirements without implying cross-region relay.
Configuration ownership stays with the operator. You control relay settings, routing boundaries, ingress/egress peering policies, and regional placement aligned to internal governance.
Blind IAM Provisioning. Integrate seamlessly with enterprise Identity Providers (Entra ID, Active Directory) without leaking employee data to the relay. Authentication happens internally, while the relay strictly verifies mathematical, anonymous Launch Keys.
SIEM-Ready Compliance. Satisfy stringent regulatory frameworks (NIS2, CMMC, HIPAA) with cryptographically signed operational audit logs. Visk Ops natively formats access and consensus events for SIEM ingestion, while maintaining absolute zero-knowledge payload blindness.
Visk Ops reuses NIST-standardized ML-KEM (FIPS 203) and ML-DSA (FIPS 204) for exchange and identity. The Aetherion (ML-NGES) payload wrapper is experimental and can be disabled by policy. Operational assurances for relay separation, routing policy, and data residency are defined by the deployment boundary you control.
ML-KEM and ML-DSA reuse standardized primitives with published security analyses by NIST and other organizations.
Your deployment defines relay separation, routing policy, and residency via configurations in the admin panel.
ML-NGES acts as an additional shield around the AES-256-GCM payload data, providing an extra layer of security.