Security built into the packet – not bolted around it.
The SuprNet ecosystem re-architects network trust at the most fundamental unit of the network: the IP packet. Every SuprNet packet securely carries its own verifiable identity, usage policies and mesh authorities, and travels sealed end to end in three layers of quantum-resistant crypto – routing across SuprNet federations with complete transactional privacy – nobody can see who is talking to whom.
SuprNets are an explicit re-architecture of network security and trust – a unified ecosystem of quantum-resistant cryptography, policies by operational intent, AI-curated traffic, cloaked IP addresses and more…
Three nested layers of quantum-resistant cryptography – transport- and protocol-agnostic, traveling over any infrastructure, and non-existent when idle.
A Digital Passport in every packet – securely providing verifiable source identity, provenance, usage policies, and mesh addressing, all traveling inside the secure packet, not outside it.
Cloaked sender IP addressing that delivers transactional privacy, with near-real-time threat immunization across federations from detected sender decoy address attacks.
Graphically driven dynamic policies at packet speed – by business intent, operational relationships, and behavior, not CLI, iptables, ports, and locations.
An AI inference engine with industry ontologies for traffic curation, and an operator-managed feedback loop for dynamic policy updates.
Effective operation in tactical-edge environments across joint commands & coalitions – a transport-agnostic federated mesh spanning wireline, RF, satellite, cellular, AWS GovCloud, SIPRNet / NIPRNet.
For twenty-five years, network security has been dominated by one prevailing flaw: the IP packet carries no verifiable identity – therefore can never be trusted. Every defensive generation – VPN, TLS, ZTNA, SD-WAN, IAM, PAM – exists to police untrusted packets from the outside, through out-of-band services that add complexity, latency, and cost while multiplying the attack surface.
None of them fixes the packet trust problem.
Why not make the packet itself trustworthy?
SuprNets invented the Packet Passport to give the packet verifiable identity – rendering the packet itself trustworthy. Beyond identity, the Passport carries policy, provenance, mesh directives, and routing authority – removing the need for many external services. The Passport travels within a triple-layer cryptographic stack that seals the entire packet and its Passport end to end, with no decryption cycles and no persistent tunnels. The packet becomes trustworthy at origin, across its lifecycle and verifiable at every endpoint, with no overlay sessions and no external trust apparatus to defend.
Major components
SuprAdmin™
The central management console – a single graphical surface for SuprNet setup, user and device management, policy authoring, Passport management, and federation administration across combined, joint, and single service operations, native to multi-tenant and multi-enclave operation.
SuprStart™
Graphically provisions a gateway, registers devices, applies policy templates, and joins the mesh in a few clicks – carrying prior router configuration onto the gateway with minimal interruption.
SuprGate™
The on-premise or tactical edge SuprNet gateway that consolidates firewall, VPN, SD-WAN, and zero-trust policy roles into a single entry and exit point for wireless and wireline devices, including IoT, unmanned devices and mesh daisy-chained connections.
SuprStack™
Wraps every packet in three nested, quantum-resistant encryption layers, sealed end to end with no persistent tunnels and zero key or certificate management. VPNs simply disappear.
Packet Passport™
Complete trust at the packet layer: a rich-field, small-footprint, in-band identity, provenance, policy, and routing control directly inside the packet, for real-time traffic management without central brokers or policy overlays.
SuprMesh™
Federates SuprNets across any transport into a true peer-to-peer mesh of any configuration. Bilaterally granted Visa policies control accessible networks, devices, and cloud connectivity.
SuprCloak™
Provides true transactional privacy across federations by removing the sender's true IP address from the public path. Bidirectional protection assures no one can tell who is talking to whom.
SuprNexus™
The graphically driven, in-memory bit map that enforces policy – at packet speed – by operating relationships, mission intent, and packet behavior, rather than CLI, IP, and ports. Dynamically interfaces to SuprNeural.
SuprNeural™
AI analysis of federation metadata, traffic patterns and performance metrics, anchored by business and mission ontologies – recommending policy-engine refinements through an operator-reviewed loop.
Make the packet trustworthy at the source and across its lifecycle, and the threat model collapses – the attacks that depend on untrustworthy packets have nothing left to exploit.
Two markets, one capability
Deny the adversary the first targeting cue
SuprCloak removes the source address from follow-on action that fixes the sender and the reconnaissance picture a mission network depends on. Combined, joint, and single service operations interoperate without exposing each other's order of battle – on the one link that is always reachable, with cover that strengthens as operational tempo rises.
True transactional privacy & security
Even across secure networks, transactional privacy suffers because both sender and receiver IP addresses are exposed in packet headers. Anyone watching the Internet traffic can tell who is talking to whom. By cloaking the sender address in both directions, no sender can be tied to any receiver, and full transactional privacy is achieved across the SuprNet ecosystem.
One integrated ecosystem
SuprNets are a categorical re-architecture of network trust at the packet layer, not an incremental enhancement to any existing category. Unlike the typical complex stack of disparate security components, the SuprNet components operate together on one platform. This new ecosystem makes the main tenets of the Zero Trust model native to the individual packet, with verifiable identity, security, routing and policy managed dynamically as packets transit federations with no out-of-band brokers, agents, or tunnels.
With SuprNet's trustworthy packets, and the data-rich Passport, many legacy security components become marginal or obsolete – complexity is collapsed, component licensing and management costs go down, key, certificate and crypto overhead are eliminated, and the threat surface is reduced.
SuprNets are agnostic to all protocols and transport – operating beside or riding seamlessly over any private or public network, including any cloud infrastructure. SuprNet packets are fully RFC compliant and look like standard packets. However, they do have a unique internal structure that differentiates them from standard packets – allowing precise control over all traffic on SuprNets. Because the only legitimate traffic on SuprNets must originate on SuprNet registered devices, external attacks fail at the port, and internal or lateral rogue traffic is blocked and logged. The cloaking of sender IP addresses further extends the security model to the most remote edge – allowing a degree of tactical endpoint security that was previously unachievable.
SuprAdmin™
SuprAdmin is the central management console native to multi-tenant and multi-enclave operations. As a local or remote cloud-based oversight facility, it provides a single graphical surface for new accounts, onboarding, policy authoring, user and device management, Passport management, audit, reporting and mesh federation administration. And it is the management interface for SuprStart and SuprNexus.
SuprStart™
SuprStart compresses deployment from weeks or months to hours. Its graphical interface facilitates provisioning a gateway, registering devices, applying policy templates, and joining the mesh with a few clicks rather than command-line steps. For live conversions, it automatically carries prior router and device configuration onto the gateway with minimal interruption.
SuprGate™
SuprGate is the SuprNet software mounted on qualified edge equipment. It anchors a local SuprNet as the packet entry and exit point. It generates Passports, applies the SuprStack encryption layers, enforces SuprNexus policy, and federates over SuprMesh – and it brings local devices, including IoT, laptops, smartphones, drones and unmanned devices onto the network without endpoint software, or daisy-chained devices with endpoint software.
SuprStack™
SuprStack is the three-layer, quantum-resistant cryptographic core. Every outbound packet receives nested, just-in-time encryption layers automatically – no manual configuration, no certificate lifecycle, no key management, no operator decision points. The source packet is encrypted as an opaque blob – including payload, headers, attachments and IP addresses – fully standards-compliant at every layer and independent of protocol or transport.
Packet Passport™
The Packet Passport is the first patented identity, policy, and provenance extension to the standard IP packet. It is a compact, signed control container attached to every packet and carried in-band, right within the packet. Built dynamically at the gateway from cached device, user, policy, and federation records, it binds verifiable packet identity to the originating device, user, and application, and carries policy, provenance and mesh context. Packets without the SuprNet format and a valid Passport are silently rejected – locking out external and lateral threats alike.
SuprMesh™
SuprMesh federates networks into a transport-agnostic, peer-to-peer mesh – spanning wireline, radio, satellite, cellular, cloud enclaves with no central control plane. Federation behavior is governed entirely by mutually exchanged permissions called Visas – two parties each grant the other before any traffic flows – and any permission or device can be paused, modified, or quarantined in a single action with zero impact on uncompromised peers. Forwarded packets are re-wrapped in a fresh transport session without exposing payload, enabling federation across any number of hops or coalitions with no intermediate decryption. Because continuity is buffered at the packet level rather than the session, the mesh keeps enforcing trust under denied, disrupted, intermittent, or limited connectivity.
SuprCloak™
Provides true transactional privacy across federations by removing the sender's true IP address from the public path. Bidirectional protection assures no one can tell who is talking to whom. The protection is bilateral and self-restoring – the forward path conceals which device is sending, the return path conceals which gateway is answering, and each direction privately holds the addressing the other needs. SuprCloak has properties no conventional control shares – it strengthens as the operation intensifies, and any unauthorized attempt to use the decoy address triggers an immunization update across the federation.
SuprNexus™
SuprNexus is the SuprNet policy engine, keyed to permitted relationships, operational intent, and approved packet behavior across OSI layers two through seven, replacing CLI-address-and-port rule lists. Policy lives as an in-memory, bit-mapped matrix that resolves in kernel time regardless of how many rules exist, and is authored graphically rather than through a command line. Enforcement context travels in the Passport, and is visible at endpoints, so there are no runtime calls to external decision points and updates propagate without restarting the gateway.
SuprNeural™
SuprNeural is an off-path AI advisory layer. It observes federation mesh patterns and packet behavior – anchored by formal ontologies and recommending policy refinements to SuprNexus through an operator-reviewed loop. It is architecturally and deliberately advisory – never on the inline security-decision path – which keeps the enforcement core deterministic and accreditation-friendly.
SuprClient™ SuprMobi™ SuprDrone™
These variants extend the architecture to the device itself. SuprClient serves fixed mission-critical platforms; SuprMobi covers laptops, tablets, and phones in untrusted environments; SuprDrone secures unmanned platforms with per-packet identity and one-click quarantine of a captured or compromised system, with zero impact on the surviving force. All three generate encrypted, Passport-bearing packets at the device and connect to gateways and peers without tunnels or third-party agents.
Standards & alignment
SuprNets is designed to align with the DoD Zero Trust Reference Architecture across all seven pillars and to satisfy the core tenets of NIST SP 800-207 – at the packet layer rather than the session layer, with policy carried in-band rather than fetched from a decision point. Its primitives are standards-conformant, and FIPS 140-3 module-level validation is a designed-for path. The architecture supports CMMC control families through architectural enforcement, eases continuous authority-to-operate, and runs an all-symmetric data path that is modular to adopt NIST quantum-resistant standards.
Where it stands
SuprNets is in advanced development. Several components are at advanced-prototype stage (TRL 5-6); others are earlier in the cycle (TRL 1-3). Capabilities are described in the present tense to convey design intent and demonstrated behavior – they are not a commitment of delivery date or certified status. Formal maturity and validation are assessed per program.
Read the thinking behind SuprNets
Foundational essays and component briefs. Papers marked available can be directly viewed and downloaded. Other briefs are available by request.
Fixing the Internet's Fundamental Flaw
The root question the security industry never asked – why not make the packet itself trustworthy – and what changes when you do.
Read paper →
Zero Trust: A Doctrine Without Deliverance
Why session-and-perimeter zero trust stops short of the packet, and where a packet-native model picks up.
Read paper →
SuprCloak: Transaction-Level Non-Attribution
The mechanics of decoy anchoring, bilateral self-restoring cloak, and an anonymity set that grows with operational tempo.
Request a copy
SuprStack: Three-Layer Per-Packet Encryption Without Tunnels
Nested, independently keyed layers, just-in-time keying, and bit-identical recovery of the original packet.
Request a copy
The Packet Passport
Verifiable identity, policy, and provenance carried inside every packet, and what it consolidates from the legacy stack.
Request a copy
SuprNets for Government & Defense
Trust under denied, disrupted, intermittent, and limited connectivity, and coalition federation without shared identity infrastructure.
Request a copy
Quantum Computers vs Encryption: Debunking the Alleged ‘Quantum Threat’ to Encryption
Debunking the alleged "quantum threat" to encryption – separating hype from mathematical reality.
Read paper →
How Far Can Quantum Computing Go Without Quantum Memory?
Why the challenges of quantum physics may deny quantum computing a commercial future.
Read paper →
Unwelcome and Dangerous Internet Traffic
A global analysis of unwelcome and dangerous internet traffic, 2022–2024 – a market report from TrustWrx.
Read paper →
The Increasingly Insecure State of Healthcare Networks
Hospitals and private practices at risk of cyberattacks, lost patient records, and operational shutdowns.
Read paper →
Why Quantum Computers Will Never Be a Threat to Encryption
The qubit noise, scaling, and memory barriers that remain insurmountable.
Read paper →
The people behind SuprNets
George Sidman
George is a proven serial entrepreneur with prior software, Internet and security startups and successful exits. Inventor and project director of the SuprNet security ecosystem. He has founded, funded and led innovation teams across five prior companies, including pioneering advances in library automation, a regional MSP and web development company, and WebLoq, the world's first private email system. Named inventor on four US patents, with patents pending.
Dan Corcoran
Dan brings a broad range of management experience in security operations, engineering, architecture, and risk management. His background includes Group Information Security Officer for Intuit's TurboTax, Mint and Quicken offerings; leader of Information Security & IT Risk Management at Silicon Valley Bank; Director of Information Security at Electronic Arts; Director of Security at VeriSign; Chief Scientist for Security Services at Equifax Secure; and Manager of Network Design at Electronic Data Systems. He is the author of "A User's Guide to X.509 Version 3 Digital Certificates."
Marc Warshaw
Marc's background across all aspects of Internet operations began with the U.S. Navy in anti-submarine warfare, then at Applied Research Associates, where he provided contract and technical oversight for the modernization of mission control centers and data systems of the Air Force Satellite Control Center. His consulting work includes assignments with OPEC, the Budget and Planning Office of Iran, the Offices of the Presidents of Spain and Venezuela, and the US Joint Chiefs of Staff. At Xerox, Marc led the team that produced the first electronic mail gateway and its associated ISO and CCITT standards.
About TrustWrx
TrustWrx, Inc. is the company behind the SuprNet security ecosystem – a highly experienced and focused team building packet-layer trust for defense and commercial networks. SuprNets is its flagship technology, protected by an issued and pending US patent portfolio.