# atPlatform

## TL;DR

The atPlatform allows people, entities and things to communicate privately and securely without having to know about the intricacies of the underlying IP network. The atPlatform Protocol is the application protocol used to communicate and Atsign are the addresses on the protocol. All cryptographic keys are cut at the edge by the Atsign owner, meaning only the receiving and sending Atsigns see data in the clear.

The atPlatform can be used to send data synchronously or asynchronously, and can be used as a data plane, or a control plane, or both simultaneously at Internet scale.

<figure><picture><source srcset="https://1631869959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpQPWQHMckXtXYemavYhN%2Fuploads%2FOhjuNZUK3pXrWguDycLj%2FDark.svg?alt=media&#x26;token=cce33190-710f-48ed-b12e-915d62d4f6f7" media="(prefers-color-scheme: dark)"><img src="https://1631869959-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FpQPWQHMckXtXYemavYhN%2Fuploads%2FYqrOytTdTcMbJbaNMzjv%2FLight.svg?alt=media&#x26;token=ef54a160-096f-407f-acf3-187a34217c9a" alt="Diagram of Atsign&#x27;s Core Technology"></picture><figcaption></figcaption></figure>

<details>

<summary>Relationships</summary>

Every **atServer** is associated with *one* **atSign**, and each atServer stores *many* **atRecords.**

When provided an **atSign**, the **atDirectory** returns a *DNS address* and *port number* for its **atServer.**

The **atProtocol** is the *application layer protocol* used to communicate with an **atServer.**

</details>

## atServer

An atServer is both a personal data service for storing encrypted data owned by an Atsign, and a rendezvous point for information exchange. An atServer is responsible for the delivery of encrypted information to other atServers, from which the owners of those Atsigns can then retrieve the data.

{% hint style="info" %}
Unless explicitly made public, atServers only store encrypted data and do not have access to the cryptographic keys, nor the ability to decrypt the stored information.
{% endhint %}

<details>

<summary>atServer Functionality</summary>

* Cryptographic authentication of client devices.
* Cryptographic authentication of other atServers.
* Persistence of encrypted data on behalf of the controlling atSign.
* Caching of data shared by others with the controlling atSign.
* Notification of data change events to clients (edge devices) and other atServers to facilitate delivery of information shared with them.
* Synchronization of data with multiple clients (edge devices).
* TLS wire encryption from clients to atServers using SSL certificates.
* Mutually authenticated TLS 1.2/1.3 wire encryption between atServers using SSL certificates.

</details>

## atDirectory

In order for an Atsign to communicate with another one on the internet, we need to locate the atServer that can send and receive information securely on its behalf.

The location of an atServer is found using the atDirectory service (`root.atsign.org:64`). This directory returns the DNS address and port number of the atServer for any Atsign that it has a record for. The atDirectory service contains no information about the owner of the Atsign.

## atPlatform Protocol

{% hint style="info" %}
The atPlatform Protocol communicates via layer 7, the application layer of the OSI model, over TCP/IP.
{% endhint %}

The atPlatform Protocol is an application protocol that enables data sharing between Atsigns. You can learn more about the atPlatform Protocol by reading the [specification](https://github.com/atsign-foundation/at_protocol/blob/trunk/specification/at_protocol_specification.md). The atPlatform Protocol uses TCP/IP and TLS but does not specify how data itself is encrypted, that is the job of the atSDK and atClient libraries.

## atSDK

atSDKs provide developers with atPlatform specific building tools in a number of languages and for a number of operating systems and hardware. The atSDK allows developers to rapidly develop applications that use the atPlatform.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.atsign.com/core.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.