ZPR
GitHub

Zero-trust
Packet Routing

An identity-aware network security layer for today's organizations

View RFCsView the Code

A New Foundation for Secure Network Communication

The Internet’s original design left security to the endpoints, creating gaps that firewalls and other patchwork defenses can never fully close. Zero-trust Packet Routing (ZPR) fixes this by embedding policy and identity into the network itself, defining who can connect, under what conditions, and for how long.

Developed by Applied Invention and advanced in collaboration with Oracle, ZPR is part of an open industry initiative to unify network security across datacenters, clouds and distributed environments. It can be implemented in software or hardware, works with existing IP-based applications, and provides organizations with a path to stronger, standards-based security without disruptive infrastructure changes.

ZPR is an open protocol, and the open source reference implementation is in active development. The RFCs, demo code for creating a ZPRnet and the policy language compiler can be found on Github. If you’re interested in knowing more about ZPR as either a potential contributor or an industry partner, more information can be found on our Contact page.

Security Policy First
Define policies once using ZPL, a human-readable policy language. Rules are based on identities and attributes, not brittle IP addresses, making them clear, auditable, and consistent across systems.
Auditability
Every packet is permissioned by a visa that verifies its sender, receiver, and compliance with policy. This creates a built-in audit trail of all communications, helping organizations meet regulatory and governance requirements.
Zero-trust by design
No traffic is trusted by default. Every packet must prove authorization at every network hop, removing implicit trust within the network and closing common attack vectors.
Identity-based Enforcement
Policies flow from verified identities of users, devices, and services. This model ensures security remains valid across hybrid, multi-cloud, and multi-tenant environments.
Practical Deployment
ZPR runs in software or hardware and works with existing IP-based applications. It can be adopted incrementally, giving organizations a path to modern security without disruptive infrastructure changes.
Designed for Organizations
Policies are modular and additive. Different groups can write ZPL policies independently and combine them.

Zero-trust Networking Stack

IP Stack comparison showing normal implementation vs ZPR Security Layer