No Sign-up Procedure
First and foremost, Ai-Fi.net is a non-tracking shared resource for helping Ai-Fi users manage their
private networks, or "Domains" as they are called, and protect their access to or from the public Internet.
It is designed to maximize their privacy while allowing the construction of an exclusive range of networks
for themselves, their families, and their communities. At its core, it follows an entirely new design
principle of DiD (Decentralized Identifier) and Decentralized Public Key Infrastructure (DPKI). The singular
characteristic of this DiD-based identity management design, conducted through a blockchain-based Ai-Fi Wallet,
is the large number of "identities" implemented per the involved application scenarios according to the
"Privacy by Design" principle.
Consequently, no sign-up is required to participate in the Ai-Fi ecosystem. Authentication and
authorization are conducted by the Ai-Fi users directly without needing any third-party proxies.
However, eradicating the "free services" illusion implies that our users have to carry the cost of
running the Ai-Fi infrastructure collectively (and anonymously), which is kept at a very reasonable rate.
Our members carry out their Ai-Fi operations pseudonymously based on the same
account protection design as in Bitcoin.
Their personal or community domains are segregated from each other but still allow supervised
inter-domain access and firewall protections.
Although Ai-Fi.net may be deployed in 5 steps or fewer, it is much more than a single App. Its function set is
delivered through the following apps:
- Ai-Fi Cloud Access: This is also known as the Wallet App. It creates your Ai-Fi wallet and the domain-wide CFG (configuration file) for your
branches and other access control rules. It only runs on Apple or Android phones, with limited extensions to Windows and Apple Mac.
- AP (Access Point) App: This is the App for controlling the ingress/egress of a branch. It may run on dedicated
hardware like a Raspberry Pi based controller, or PCs running Microsoft Windows or Apple Macs.
- RA (Remote Access) App: This allows domain members to access various private branches from the Internet.
These Apps are to be installed on various architectural elements in Ai-Fi.net according to their intended functions:
- Ai-Fi AP (Access Point) Management: This administers how our members are referenced through various applications while keeping them
in exclusive control over their credentials.
- Domain and Branch Configuration, Access, and Control: This is how your private networks are configured
and managed through the AP (Access Point) App. The configuration is centrally administered in a multi-tenant SaaS
fashion. The branches may be distributed across the Internet.
- Internet Access Control: This is the support for incoming/outgoing traffic from/to the Internet. These external
visits can be made either through the Ai-Fi HomeCloud App or directly as a public access with the Home Server as
the firewall.
Pseudonymity
When first participating, an Ai-Fi user creates their own wallet in order to manage many different
accounts utilized as identifiers under various application contexts. Once the wallet is created, all
Ai-Fi functions are carried out pseudonymously, identifiable only through the crypto accounts assigned
in the wallet for their respective application contexts, without being directly associated with any
of the owner's other worldly identities such as
their cell phones, email addresses, SSN, or credit cards. In other words, the Ai-Fi Wallet maintains a large number
of crypto accounts to protect the owner's self-administered DiDs (Decentralized Identifiers), which are individually
managed and applied per associated application. Those DiDs are further managed through
the Ai-Fi Digital Asset Framework.
The Wallet App safeguards your many account credentials and the domain-wide CFG (configuration file).
The deployment of your domains is based on the CFG you've defined; after that,
you enable individual Home Servers for the various branches one by one.
Account-less and Decentralized
There is no need to sign up for an account in order to participate in the Ai-Fi ecosystem. Instead,
an Ai-Fi member is expected to create and own their individual Ai-Fi wallet on their mobile phone,
where it is physically and exclusively hosted and managed. This
eliminates any possibility of tracking while still allowing payment for various Ai-Fi security services. There is no free
lunch, contrary to what those "free" services lead you to believe, but Ai-Fi charges very reasonably.
An Ai-Fi account is protected by two independent verification factors:
- The mobile phone on which your Ai-Fi Wallet is created
- The Ai-Fi Central application PIN, also local to your phone
The Wallet App installed on your phone, with its wallet and private CFG, is
depicted on the bottom right of the diagram below:
In addition to storing members' credentials on their personal phones, Ai-Fi operations that deliver
Secure Email or other functions that may require an email address or payment further adopt the
AnonymousCloud technology to enforce the Ai-Fi pseudonymity requirement, so that our members are not traceable beyond their
pseudonymous accounts. For details, please see
our blog on Security.
Global Configuration
Domain Configuration
The goal of the Ai-Fi Domain is to allow all devices to be distributed over a wide
area but still work together as if they were sharing an unrestricted LAN. A domain is further
afforded a complete set of IPv4 addresses so it can be managed with ample
flexibility in terms of its address plan. Design your domain layout
before installing any software.
Minimal Configuration
(Useful Test Scenario)
Download the Ai-Fi Central app onto your smartphone and create a private wallet through the app. Use the
same app to define your only branch consisting of a single PC.
Next, install the appropriate Home Server software package onto
your Windows PC or Apple Mac so it can be remotely accessed by your smartphone. You may turn it
into a public web server or other home servers even while you have no public IP addresses.
Multi-Branch Configuration
Install the Account App on
your smartphone and define the domain database to include all branches to be deployed, as in
the Minimal Configuration. Then move on individually to your PC, Mac or
other Linux appliances such as Raspberry Pi to create Home Servers by installing
the appropriate Home Server software, one for each of
your branches, typically situated apart from other branches. All branches within the same domain may
freely address each other as if they were all located in the same LAN.
For the upper right London Branch with all the IoT devices depicted, those "things" may be spread out
geographically, in which case you need to follow the instructions for IoT deployment.
If you have some highly mobile devices such as the robot on the left,
each may be defined as a self-contained branch (with only a single device included) in order to allow for its high roaming requirement.
Integrated IoT Home Kits Bridges
The advances of IoT inject smarts into things all around us, which will not fulfill
their potential unless they can be controlled from anywhere at any time. This vision of
keeping our things at our fingertips at all times
is fully realizable through Ai-Fi.net. We have integrated Apple HomeKit into Ai-Fi.net to
demonstrate this capability. This is also an extension of Ai-Fi's Application Transparency
explained previously.
- Many incompatible homekits
- Many different device to homekits protocols
- pairing
- Most remote control solutions involve the cloud, incurring wider attack surface and privacy concerns
Support for Hybrid Cloud
Migrating your IT assets into the cloud is an excellent option if your cloud services can be trusted.
Ai-Fi.net will help extend your security perimeter to also cover your outsourced cloud elements.
Armed with the DiD stash and the self-administered crypto wallet, we are now able to ramp up our private
assets into the cloud anonymously. As long as the payments are met through your Ai-Fi Wallet, Ai-Fi.net accepts
any request for extending user assets into the Ai-Fi cloud without knowing anything about the requesting users.
The possession of your cloud assets is completely anonymous.