TECHNOLOGY

EXPANDED TOPOLOGY

From a topology standpoint the UW is a hybrid web, and is designed to go beyond the capabilities that any solely centralized or decentralized Web could offer. Centralized components provide early protections for decentralized components like Viat. They also ensure better performance than all Web3 alternatives even in cases with fewer resources. Users can expect a faster experience, stronger security, and greater privacy than that of the WWW, even when on identical hardware.

By expanding the Web’s topology to incorporate a hybrid approach we can take advantage of the features that come along with such networks while also remaining impervious to the downsides present in networks relying strictly on one framework or another. Although the attack surface increases this allows clients and services to simply gravitate or lean on the centralized or decentralized varieties of individual components, allowing them to remain operational in more scenarios while operating at the best possible performance. 

UNIVERSAL DATA STREAM PROTOCOL – (UDSP)

UDSP is a UDP based low-latency, real-time, bi-directional, encryption enforced, and overall reliable Data Transport Protocol. UDSP replaces HTTPS & WebSockets for all data communication on the UW. The first step in the construction of the Universal Web is to replace HTTP entirely with UDSP. On the Universal Web, all communication, streaming, or transferring of any type of data utilizes UDSP. When visiting a site on the Universal Web UDSP is the protocol used. Specific UDSP client and server modules are required to visit or host a website on the Sentivate Network. UDSP is the foundation of the Universal Web.

The protocol is capable of dynamic reliability on a connection level, or on a per-request basis agreed upon between the involved parties. Unlike HTTP, UDSP enforces encryption meaning that all UDSP connections are encrypted by default, with no exceptions. UDSP supports IPv6, Multiplexing, Multihoming, and perfect-forward-secrecy.

It’s a merger of the functionality you’d expect from HTTP & Websockets, designed to be kept open for the life cycle of the app and send requests through that one connection. Since connections are bi-directional streams and thus inherently less chatty, the protocol conserves bandwidth and ensures low-latency for the lifetime of the connection. UDSP is far less chatty than HTTP and can be programmatically set to adjust it’s own reliability standards. This makes UDSP a highly useful protocol where high-throughput, low-latency and high reliability are required. Due to UDSP’s programmatic, dynamic nature, it’s efficacious in situations of highly variable and or degraded network connectivity.

UDSP also has optional puzzles contained inside packets which allow providers and solvers to earn VIAT. Puzzles can vary and are thus a Dynamic-Proof-of-Work. The puzzles may be encapsulated or point to data that is required for solving the puzzle. The puzzles also function as congestion control and a way to limit the potential damages from DDOS attacks. When a client solves the served puzzle, both the client and domain are credited by the network with Viat. If a server is under DDOS attack, the server can dynamically change the reward split up-to 100% for the domain. This ensures the attackers suffer financial loss and thus have little to gain. Puzzles ensure that both parties have an incentive to act in good faith.

UNIVERSAL DOMAIN SYSTEM – (UDS)

The UDS controls all domain components that come together to make connecting to sites easy, fast, and cryptographically verifiable. When requesting information on a domain name your client contacts the Domain Information System (DIS) a crucial component in UDS which takes on the responsibilities one typically expects from a DNS-like service while also incorporating Domain certificates. Domain certificates are cryptographically verifiable, structured documents that could include IP/Network routing information, Domain records, domain path matching, Server Name Indication (SNI), and cryptographic information. Domain certificates can be used in and of themselves to connect to services or are used to verify cryptographic domain name records.

Similar to DNS, the DIS has domain records except that they are signed and cryptographically verifiable. The domain certificate is first required, then the domain record. If the domain certificate itself doesn’t possess default routing information it can then ask for a record, which is also known as a “record certificate”. Each record must be individually signed so that it can be efficiently stored and transferred to a client. If the client doesn’t have the certificate associated with a particular domain it must first request it. If the client has the certificate and it contains sufficient routing information it can use it. If not then the client must ask for the records associated with that certificate and domain.

Being able to find a service with a human-readable hostname is vital to the function of the Web today. The component which does this on the Universal Web is DIS. The WWW’s DNS takes a human-readable hostname, for example Universal.web, and returns the IP address of the end service, allowing your computer to navigate to the requested website. You give it a domain name and it gives you the IP of that domain name. Without this system, the Web wouldn’t be what it is today. It allows you to traverse the many services available on the Internet in a human-friendly way.

The Universal Web’s alternative methods are more robust. The information returned by the DIS is different compared to your typical DNS response. The DIS returns a cryptographic certificate that provides more than just routing data to keep the network more secure and offer more features. The Privacy of users is better on the UW compared to the WWW because the DIS has encrypted communication by default. This stops people from being able to interfere with the responses coming back from a DNS server. It also stops an attacker from gathering information on what websites you’re visiting. It also keeps users safe when more sophisticated DNS and BGP hijacking attacks occur. The more sophisticated attacks are prevented largely because the information returned is cryptographic in nature that being a domain certificate that ensures that users even if routed to the wrong place wouldn’t be able to establish a connection to the service since it doesn’t hold the true key pairs.

DOMAINS AND DOMAIN REPUTATION – (DR)

Domains on the UW have full or shortcut extension names and can have single full names for trademarked entities. The domain rules and regulations are designed to organize the Web, free up a domain, protect trademarks, limit malicious activity, and categorize the Web. Domain extensions should be descriptive, relevant, and be indicative of the type of content to expect from the website.

For example, one can navigate to an online shop by simply typing its name into a Universal Web browser. Domain rules are stricter on the Universal Web, including a tight use it or lose it policy. One could indeed sell a domain name but it would need to first have been utilized in the manner in which the extension would indicate. Domain content or service must be relevant to the domain extension. For example, an online store must use the “.store” domain extension, i.e. “shopname.store”. There are shorthand domain extensions available for certain domains. For example, the shop’s company website would utilize the company extension, shopname.company, or the shorthand variant shopname.com.

Sites dedicated to cryptocurrency must use the cryptocurrency extension; however, a news site related to say bitcoin must use the .news and or .blog extension. Any domain that may have random and or arbitrary content must use the .abstract extension if general terms aren’t enough such as “blog”. Being able to find as well as distinguish trustworthy from malicious services, (as well as specific URLs), is essential to a safer Web. Users can rate domains as well as other users right from the browser. Ratings also help to assign a weight to the voter and further ensure no votes are used to abuse, silence, or intimidate a service. It can also ignore or remove any fraudulent voting done in mass or at a single point in time. This acts as an open, crowdsourced filter to public opinion, and helps to tackle the “Fake News” concern.

UNIVERSAL IDENTITY SYSTEM

Identity certificates, (IC), are documents that provide cryptographic details that represent you on the network and are signed by an Identity Registrar. An identity certificate has two cryptographic key pairs: Master and Ephemeral. A master key pair is used specifically for signing ephemeral certificates and is the core identifying key pair. Ephemeral key pairs can be replaced at the owner’s discretion. ICs cryptographically authenticate & authorize clients on the network. Servers require a client certificate upon connection to establish a successful UDSP handshake. They also form the basis for a decentralized reputation system, which can publicly record good & bad behavior associated with specific certificates. Honeypots can be used to block known bad actors from accessing a service further securing the network. Since Identity certificates can be linked to real-world identities and assets, the UW is an ideal platform for secure, private, and verifiable voting in elections. Stores and companies can have verified ICs which allow users to easily identify them on or offline.

Ephemeral Certificates, (EC or Profiles), are a sub-certificate to the Master Certificate. ECs act as profiles that are used to access user-defined services. For example, wallet certificate, banking certificate, general web browsing certificate, or for every service. One can choose to utilize one single ephemeral certificate for all services, one for each, or any arbitrary combination. An EC is part of the encrypted payload sent in the first packet which occurs during the connection handshake for authentication, not encryption. Users can instantly signup, login, or purchase an item with their identity certificate.

The Identity Registrar, (IR), is a service that signs certificates & is the first layer of protection for the network. The IR protects the network by filtering faulty certificates, stopping Sybil attacks, spam identities, dummy identities, and nefarious actors. A missing or false signature would give services an extra edge to more efficiently weed out and deny connection attempts. If the certificate is successfully vetted by the IR it would then sign the certificate. Only then it can be successfully used by services and the DIS. During the initial handshake, the first packet contains the certificates required to establish a UDSP stream. If signatures are successfully validated the rest of the handshake process continues, else it fails. In the future, a decentralized IR mechanism will be leveraged to help validate newly submitted certificates for signing.

The IR is a proactive security measure and helps keep potential issues to a minimum. If certain countries require that citizens or devices have a person or entity linked to an IC then this would be an efficient mechanism for halting potential crime without compromising the privacy of the individual. It would also aid countries in tracking down criminal entities or use other parts of the network to pinpoint them.

Active certificates could continually be updated and signed. When a certificate is re-signed, another field is added to the certificate which shows the elapsed time since the previous signing of the certificate. This provides services with an extra layer of trust for certificates as it ensures that they be continually and the bad ones are weeded out. This interval could happen when whatever it’s deemed necessary by the client. If the whole UW were to enforce a certain time-dependent check it would force the users of those services to do so before connecting.

UNIVERSAL WEB APPS

Hybrid apps are self-constructing, streaming single-page-applications. Hybrid apps are built using reactive, dynamic, and modular development methodologies. hApps have all the benefits of centralized & decentralized networks ensuring the highest scalability potential. hApps’ assets are contained in their file and are streamed to the client on an as-needed basis. They are streamed and built over time, like a bridge building itself as you walk across. Only one initial page load takes place and thereafter pages are dynamically built as needed similar to Single-page-apps. Only exactly when the client needs the resource will it will be fetched and delivered.

Hybrid Apps can utilize an opt-in decentralized P2P CDN for assets in addition to the destination service. Making use of a Hybrid Content Delivery Network means that hybrid apps have high availability, scalability, and more bandwidth. hApps validate, authenticate, and authorize clients automatically during the initial connection handshake. hApps backends can store and reference clients by their public key or full certificates. Think of it as oAuth for the entire Internet. Services no longer need to worry about hashing, storing, and or encrypting passwords. Clients can quickly log in at the click of a button or automatically by simply connecting to the service. Users no longer need to remember or create complex passwords as using their keypair is more secure and easier to use. If services do not require you to have a username they can simply rely on your public key as your identifying name. This means that for some services users don’t have to create a username and password during the registration process.