PRIVATE.ME PLATFORM

xSign: Threshold Authorization

XorIDA splits authorization payloads into shares distributed across K-of-N approvers. No single credential compromise grants access. Multi-party enforcement is cryptographic, not procedural.

Access Control COMING SOON XorIDA Powered

Section 01

The Problem

Single-signature authorization is a single point of compromise. One stolen credential grants full access. Multi-approval workflows today are procedural, not cryptographic.

Enterprise authorization systems rely on role-based access control enforced by a central identity provider. If that provider is compromised, every role it governs is compromised. Multi-approval workflows exist as UI checkboxes, not cryptographic enforcement.

Hardware tokens and MFA add friction but still funnel through a single decision point. An attacker who compromises the authorization service can approve any operation, regardless of how many humans were supposed to review it.

The Old Way

Section 02

The PRIVATE.ME Solution

xSign splits authorization payloads into shares for K-of-N approvers. Each share is HMAC-signed and bound to a specific operation via SHA-256. Authorization requires cryptographic quorum.

No single approver holds enough information to authorize an operation alone. Each share is cryptographically bound to the specific operation being approved — shares cannot be repurposed for different operations.

The threshold is configurable: 2-of-3 for routine operations, 3-of-5 for critical changes, 4-of-7 for irreversible actions. Escalation is structural, not procedural.

The New Way

Section 03

How It Works

An authorization request flows through operation binding, XorIDA splitting across N approvers, share collection, HMAC verification, and threshold reconstruction to produce a cryptographic authorization token.

Key Security Properties

Operation binding: Each share is SHA-256 bound to a specific operation — shares cannot be repurposed. Quorum enforcement: K-of-N threshold is cryptographic, not procedural. Non-repudiation: Each approver's share contribution is verifiable.

Section 04

Use Cases

🏦

Finance

Financial Transfer Approval

Wire transfers above threshold require cryptographic quorum from multiple authorized officers. No single compromised account can initiate transfers.

SOX Compliant

🛡

Security

Privilege Escalation

Admin access requires threshold approval from peer administrators. Eliminates single-admin compromise as an attack vector for privilege escalation.

Zero Trust

⚙

DevOps

Configuration Change Control

Production configuration changes require split approval across operations and security teams. Cryptographic enforcement prevents unilateral changes.

Change Management

🚨

Emergency

Emergency Access Protocols

Break-glass procedures require threshold quorum from designated emergency contacts. Prevents abuse while enabling legitimate emergency access.

Break Glass

Section 05

Integration

Quick Start

import { requestAuth, approveShare } from '@private.me/authorize';

// Create a 2-of-3 authorization request
const authReq = await requestAuth(
  { operation: 'wire_transfer', amount: 500000, currency: 'USD' },
  ['cfo@corp.com', 'coo@corp.com', 'treasurer@corp.com'],
  { n: 3, k: 2 }
);

// Each approver signs their share independently
const approval = await approveShare(authReq.shareId, approverKey);

requestAuth(operation: AuthPayload, approvers: string[], config: { n: number, k: number }): Promise<AuthRequest>

Binds the operation payload via SHA-256, splits the authorization token into N shares via XorIDA, and distributes shares to designated approvers. Returns a request handle for tracking approval status.

approveShare(shareId: string, approverKey: CryptoKey): Promise<ApprovalResult>

Signs an individual share with the approver's key, verifies operation binding, and submits the signed share. When K shares are collected, the authorization token is reconstructed.

Section 06

Security Properties

Property	Mechanism	Guarantee
Threshold Enforcement	XorIDA K-of-N splitting	Fewer than K shares yield zero information
Operation Binding	SHA-256 hash commitment	Shares cannot be repurposed for different ops
Integrity	HMAC-SHA256 per share	Tampered shares detected and rejected
Non-Repudiation	Approver key signatures	Each approval is cryptographically attributable
Escalation	Configurable thresholds	Higher-risk ops require more approvers

K-of-N

Threshold configurable

SHA-256

Operation binding

0 bits

Info per individual share

<1ms

Split latency

VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL

Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.

Read the xProve white paper →

GET STARTED

Ready to deploy xSign?

Talk to Ren, our AI sales engineer, or book a live demo with our team.

Book a Demo

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xSign generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF

Download proofs:

Tier 1 HMAC (~0.7KB)
Tier 2 Commit-Reveal (~0.5KB)
Tier 3 IT-MAC (~0.3KB)
Tier 4 KKW ZK (~0.4KB)

Verify proofs online →

Use Cases

🏛️

REGULATORY

FDA / SEC Submissions

Prove algorithm correctness for distributed systems without exposing trade secrets or IP.

Zero IP Exposure

🏦

FINANCIAL

Audit Without Access

External auditors verify secure operations without accessing source code or production systems.

FINRA / SOX Compliant

🛡️

DEFENSE

Classified Verification

Security clearance holders verify distributed systems correctness without clearance for source code.

CMMC / NIST Ready

🏢

ENTERPRISE

Procurement Due Diligence

Prove security + correctness during RFP evaluation without NDA or code escrow.

No NDA Required

Deployment Options

🌐

SaaS Recommended

Fully managed infrastructure. Call our REST API, we handle scaling, updates, and operations.

Zero infrastructure setup
Automatic updates
99.9% uptime SLA
Enterprise SLA available

View Pricing →

📦

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

npm install @private.me/xsign
TypeScript/JavaScript SDK
Full source access
Enterprise support available

Get Started →

🏢

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

Complete data sovereignty
Air-gap capable deployment
Custom SLA + dedicated support
Professional services included

Request Quote →

Enterprise On-Premise Deployment

While xSign is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
Air-gapped environments — SCIF, classified networks, offline operations
Data residency requirements — EU GDPR, China data laws, government mandates
Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →