VINAC-FM 2.0 direction

VINAC-FM Protocol

VINAC-FM is a short-range acoustic authorization transport. Its job is to prove that an authorized approval device or event was physically present, fresh, and policy-bound at execution time.

Development Status

The Bolt archive has useful schemas, dashboards, and edge-function hooks. The current protocol direction is VINAC-FM 2.0: compatibility bands first, nonce and expiry binding, policy-hash binding, fail-closed decode behavior, and no raw audio storage.

Architecture

VINAC-FM operates as a local proof channel for approval requests. Cloud policy decides when it is required; the trusted gateway performs the acoustic work locally and submits proof metadata back to the online control plane.

1. Challenge issuance

Server generates a nonce-bound challenge tied to the active verify_session. The challenge includes frequency band, duration, and an expiry.

2. Acoustic emission

The gateway emits a short frequency-modulated frame in a negotiated consumer-compatible band.

3. Signal capture

The same device (or a co-located device) captures the acoustic signal via the MediaDevices API and decodes the embedded nonce.

4. Cryptographic binding

The captured nonce is signed using the device's attestation key (or a session ephemeral key) and returned to the verifier.

5. Certificate issuance

The verifier checks the nonce, validates the signature, confirms acoustic match, and issues a short-lived VINAC certificate embedded in the receipt.

Database Schema

The VINAC-FM schema consists of four tables:

vinac_settings

Per-project VINAC configuration: frequency band, duration, proximity threshold, same-device enforcement, fallback behavior, and certificate TTL.

vinac_sessions

Individual VINAC challenge sessions, tracking status (pending/active/completed/failed/expired), acoustic match result, device fingerprint, and signal hash.

vinac_certificates

Issued VINAC certificates with token, key ID, subject fingerprint, expiry, and consumption/revocation tracking.

vinac_key_pairs

Per-project signing key references. Public metadata is stored; private material belongs in a secure execution environment.

Protocol Parameters

frequency_band: VINAC-FM 2.0 band: compat_18khz, stealth_20khz, or edge_22khz

challenge_duration_ms: How long the acoustic emission lasts. Minimum 1000 ms, default 3000 ms

proximity_threshold_m: Maximum distance in meters between emitter and receiver. Default 0.5 m

require_same_device: If true, emission and capture must come from the same device session

fallback_to_layer3: If true, fall back to Layer 3 PoW when acoustic challenge fails

certificate_ttl_hours: Lifetime of the issued VINAC certificate. Default 24 hours

Certificate Format

A VINAC receipt or certificate should bind approval to the request, policy, gateway, proof, and expiry. A practical payload structure:

{
  "jti": "uuid-v4",              // certificate identifier
  "sub": "device-fingerprint",   // subject (device binding)
  "iss": "silentauth:vinac",     // issuer
  "iat": 1712345678,             // issued at (unix timestamp)
  "exp": 1712432078,             // expiry
  "session_id": "uuid-v4",       // linked verify_session
  "project_id": "uuid-v4",       // project scope
  "acoustic_match": true,        // acoustic verification result
  "frequency_band": "compat_18khz",
  "proximity_confirmed": true,
  "key_id": "vinac_key_abc123"   // signing key reference
}
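
A fail-closed check of these claims on the consuming side, as an added example (not code from the VINAC-FM project). The function name, reason strings, and sample values are assumptions, and signature verification against key_id is assumed to have happened before this step.

```python
import time

REQUIRED = ("jti", "sub", "iss", "iat", "exp", "session_id", "project_id",
            "acoustic_match", "frequency_band", "proximity_confirmed", "key_id")
BANDS = {"compat_18khz", "stealth_20khz", "edge_22khz"}

# Constructed sample mirroring the payload structure above.
SAMPLE = {
    "jti": "jti-0001", "sub": "fp-device-1", "iss": "silentauth:vinac",
    "iat": 1712345678, "exp": 1712432078,
    "session_id": "sess-1", "project_id": "proj-1",
    "acoustic_match": True, "frequency_band": "compat_18khz",
    "proximity_confirmed": True, "key_id": "vinac_key_abc123",
}


def check_claims(claims, *, session_id, project_id, device_fp, now=None,
                 ttl_hours=24, consumed_jti=frozenset()):
    """Return rejection reasons; an empty list means the claims pass.

    Assumes the signature was already verified with the key named by key_id.
    """
    now = int(time.time()) if now is None else now
    missing = [f"missing:{k}" for k in REQUIRED if k not in claims]
    if missing:
        return missing  # fail closed: do not evaluate a partial payload
    reasons = []
    if claims["iss"] != "silentauth:vinac":
        reasons.append("issuer")
    if claims["sub"] != device_fp:
        reasons.append("subject")
    if (claims["session_id"], claims["project_id"]) != (session_id, project_id):
        reasons.append("scope")
    # Only a JSON boolean true counts; "true" or 1 must not pass.
    if claims["acoustic_match"] is not True or claims["proximity_confirmed"] is not True:
        reasons.append("proof")
    if claims["frequency_band"] not in BANDS:
        reasons.append("band")
    iat, exp = claims["iat"], claims["exp"]
    if type(iat) is not int or type(exp) is not int:
        reasons.append("time_type")
    elif not (iat <= now < exp) or exp - iat > ttl_hours * 3600:
        reasons.append("time")  # outside validity window or lifetime over TTL
    if claims["jti"] in consumed_jti:
        reasons.append("consumed")
    return reasons
```

The lifetime check rejects a certificate whose exp was stretched beyond certificate_ttl_hours even if it has not yet expired.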

Security Considerations

Replay attacks

Each challenge nonce is single-use and expires after `challenge_duration_ms` + a configurable grace period. The nonce is cryptographically bound to the session ID.

Signal forgery

The acoustic signal encoding includes an HMAC-protected timestamp and session salt. Replaying a recorded signal from a different session will fail the nonce check.
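
The nonce handling described under "Replay attacks" and "Signal forgery" (and used in steps 1 and 5 of the flow), as an added example that is not the project's own code. The in-memory store, the 500 ms grace period, the HMAC-SHA256 tag layout, and all names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: verifier-held binding secret
GRACE_MS = 500                        # assumption: the configurable grace period


def _tag(session_id, nonce, expires_at_ms):
    """HMAC that binds the nonce and its expiry to one verify_session."""
    msg = f"{session_id}|{nonce}|{expires_at_ms}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


class ChallengeStore:
    """In-memory stand-in for pending rows in vinac_sessions."""

    def __init__(self):
        self._pending = {}  # nonce -> (session_id, expires_at_ms)

    def issue(self, session_id, now_ms, challenge_duration_ms=3000):
        if challenge_duration_ms < 1000:
            raise ValueError("challenge_duration_ms is below the 1000 ms minimum")
        nonce = secrets.token_hex(16)
        expires_at_ms = now_ms + challenge_duration_ms + GRACE_MS
        self._pending[nonce] = (session_id, expires_at_ms)
        return {"nonce": nonce, "expires_at_ms": expires_at_ms,
                "tag": _tag(session_id, nonce, expires_at_ms)}

    def verify(self, session_id, nonce, expires_at_ms, tag, now_ms):
        """Return (accepted, reason); every failure path rejects."""
        # Single use: the nonce is removed on first presentation, pass or fail.
        record = self._pending.pop(nonce, None)
        if record is None:
            return False, "unknown_or_replayed_nonce"
        if not hmac.compare_digest(tag, _tag(session_id, nonce, expires_at_ms)):
            return False, "session_binding_mismatch"
        if record != (session_id, expires_at_ms):
            return False, "record_mismatch"
        if now_ms > expires_at_ms:
            return False, "expired"
        return True, "ok"
```

Consuming the nonce even on a failed attempt means a captured frame cannot be retried with different parameters; the cost is that the session must request a fresh challenge after any failure.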

Proximity spoofing

The proximity_threshold_m setting enforces a maximum physical distance. Signal amplitude and propagation delay are factored into the match score.

Key compromise

Private signing keys are never exposed to the browser or stored in Supabase. They are managed in the secure execution environment (HSM or Vault). The public key is stored in vinac_key_pairs.

Browser permissions

Microphone and speaker access require explicit user permission and an HTTPS origin. The SDK handles the permission request and gracefully falls back to Layer 3 if denied.

Availability & Roadmap

Reusable from Bolt archive
  • Supabase schema work
  • Dashboard configuration UI
  • Marketing and documentation pages
  • Billing plan integration
  • VINAC-FM challenge and proof hooks
  • Vocabulary viewer

VINAC-FM 2.0 update
  • Compatibility band strategy
  • Nonce and expiry binding
  • Policy-hash and action-hash receipts
  • No raw audio storage
  • Mac Mini adapter contract

Next build step
  • Real gateway adapter
  • Browser or hardware receiver validation
  • Receipt signing hardening
  • End-to-end cloud plus local proof test

VINAC-FM + Logos Lexicon

VINAC-FM can carry Logos Lexicon intent references. VINAC-FM proves local presence and freshness; Logos defines what a compact token means under a versioned local logic library.

Get Early Access

VINAC-FM local proof belongs on high-risk workflows where actions need a trusted gateway and auditable receipts. It is available during Open Preview for end-to-end testing.