Lexicon
Plain-English definitions of the terms SplitSecure uses across the app and docs.
SplitSecure uses a small set of terms consistently across the mobile app, the Web App, and these docs. This page defines each one in plain English.
Approval Set
A group of devices that collectively control a shared secret. Any sensitive action, such as signing a transaction, issuing an SSO assertion, or creating a passkey, needs approval from enough members to meet the set’s threshold before it happens. No single device, and no single member, can act alone.
An approval set is created once by its founding members and can later be rolled forward to change its membership.
Attestation
Cryptographic proof, produced by a device’s own hardware, that it is running genuine, unmodified software. SplitSecure checks a device’s attestation before trusting it to hold a share or participate in an approval set , so a compromised or jailbroken device can be excluded up front.
Approval sets can restrict membership to specific device policies (for example, only iPhones, or only GrapheneOS devices with hardware attestation) when they’re created.
Companion Device
The SplitSecure mobile app, which you pair with the Web App or the Chrome Passkey Extension so it can approve actions you start there. Your companion device holds your share and casts your votes ; the Web App and the extension only drive the flow and never hold a share themselves.
Connected App
A third-party service, such as AWS, Okta, or Google Workspace, that an approval set has configured for single sign-on through one of its identity providers . Signing in to a connected app, or changing its configuration, goes through the same proposal-and-vote flow as any other sensitive operation.
Enclave
An isolated execution environment where SplitSecure performs cryptographic operations, built so that no one operating the underlying hardware can see what runs inside it or read its memory. Before SplitSecure trusts an enclave with key material, it checks the enclave’s attestation : cryptographic proof of exactly what software the enclave is running. This is the approach the industry calls confidential computing. Private key material is only ever reconstructed briefly inside an enclave, immediately after a proposal is approved, and is discarded right after use.
Founding Member
One of the original members of a new approval set , each of whom must approve on their own device before the set officially forms. An approval set with no members yet is just a proposal; it doesn’t exist until every founding member has approved.
Identity Provider (IdP)
The SAML 2.0 configuration an approval set controls, used to issue signed sign-in assertions to connected apps like AWS, Okta, or Google Workspace. Creating or changing an identity provider goes through the same proposal-and-vote flow as any other sensitive operation.
Membership
A single member’s accepted, signed record of belonging to an approval set. A membership is distinct from a share : the membership is proof you belong to the set, while the share is the cryptographic material you use to vote.
Passkey
A phishing-resistant sign-in credential, backed by the WebAuthn standard, whose private key is controlled by an approval set instead of a single device. Creating or using a passkey goes through the same proposal-and-vote flow as any other sensitive operation.
Pledge
A prospective member’s signed commitment to join an approval set that’s currently being created or rolled forward , made before any shares are actually issued. An approval set collects pledges from every prospective member before it distributes shares and finalizes.
Proposal
A specific action, such as signing a transaction, creating an approval set, or revoking a member, submitted for votes . A proposal carries an expiry, so it can’t sit around indefinitely waiting for approval; if it isn’t approved in time, it simply lapses.
Roll Forward
The process of replacing an approval set’s membership and keys with a new version, for example after a personnel change, while requiring the current members to approve the transition first. After a roll forward completes, the previous version is permanently revoked and members not carried forward lose access.
SAML2 Assertion
A signed statement, issued by an identity provider , asserting who a user is. A service provider (the connected app you’re signing into) accepts the assertion in place of a password to complete sign-in.
Sensitivity
A classification (low, medium, high, or critical) attached to a protected resource, such as a connected app . It’s advisory: SplitSecure shows it as a risk indicator on the approval screen and records it in the audit log, but it doesn’t by itself change an approval set’s threshold or who gets notified.
Share
A single piece of a split secret, held by one member of an approval set. No individual share reveals anything about the underlying secret on its own. Only when enough shares are combined, meeting the set’s threshold , can an operation be approved. This is the cryptographic technique, known as threshold cryptography, that lets an approval set act without ever reconstructing the full secret in one place outside an enclave .
Signing Key
A cryptographic key that an approval set controls in order to sign things such as SSH certificates, blockchain transactions, and SAML assertions. As with any other secret an approval set holds, the private key is never reconstructed anywhere outside a momentary operation inside an enclave.
Threshold
The minimum number of votes an approval set needs before it will approve an action, for example “2 of 3.” An approval set’s threshold is fixed when the set is created (or when it’s rolled forward ) and determines how many member shares must be combined to authorize anything.
Vote
A member’s cryptographic approval of a specific proposal , cast using their share (s). Votes accumulate against a proposal until it meets the approval set’s threshold , at which point the proposal executes.
Wallet
An approval-set-controlled key pair for a specific blockchain (Bitcoin, Ethereum, Solana) used to hold and sign for crypto assets. Creating a wallet or signing a transaction with it both go through the same proposal-and-vote flow as any other sensitive operation.
Last updated: