We're in the trust chain, and we're built from the ground up for it. Minimal surface, hardened protocols, and no visibility into who or what we protect.
Only the coordination layer is publicly reachable — purpose-built to be exposed, hardened for that job, tiny attack surface.
The NHP knock mechanism uses UDP. No handshake to exploit, no SYN floods, no TCP stack vulnerabilities. Invalid packets are silently dropped.
Same cryptographic foundation as Signal and WireGuard. Mutual authentication before any data exchange.
No public directory of LayerV customers. Attackers can't identify which companies use NHP or which resources are protected.
Randomly generated, short-lived, device-locked, single-use. Can't be guessed, enumerated, or replayed.
Internal infrastructure is NHP-protected. Management plane, control systems — none visible to the public internet.
LayerV doesn't store customer passwords or authenticate users directly. That's your IdP (Okta, Azure AD, etc.). Even if LayerV were compromised, we couldn't mint valid QURLs without passing through your identity system.
Distributed across multiple AWS regions for resilience. No single point of failure for the coordination layer.
Every QURL is cryptographically bound to a specific user, device, and session. Interception is useless — the QURL is either expired, device-locked, or already consumed.
Every access attempt is logged with cryptographic identity binding. Complete visibility for compliance — SOC 2, HIPAA, CISA.
Type II compliance
Healthcare ready
Federal standards
CSA standard
We're happy to go deep on architecture, protocols, and compliance.