Core concepts
| Term | Definition |
|---|---|
| Vault | Your encrypted digital estate container on Inheribase. Stores assets permanently on Arweave and governs who can access them and when. |
| Vault Credits | The internal unit of account for Inheribase operations. 1 Vault Credit = $0.01 USD. Credits never expire. |
| Digital Airlock | The client-side encryption boundary. All data is encrypted within your browser before it leaves your device. Inheribase never touches unencrypted data. |
| Sovereign Directive | Any file or record stored in your vault — a document, key, photograph, or recording intended for generational transfer. |
| Endowment | The one-time storage fee that funds permanent data persistence on Arweave. Unlike subscriptions, this is a single payment that covers storage indefinitely. |
| Gas Model | Inheribase’s pay-as-you-go pricing system. Operations consume Vault Credits (the “gas”), with no subscriptions or recurring fees. |
| Vault Coverage | The projected duration your current Vault Credits balance will sustain liveness monitoring, check-ins, and trigger operations. Displayed as a “Fuel Gauge” in the dashboard. |
| Permissionless Funding | The ability for any person to deposit Vault Credits to any vault using a public funding link (/fund/<wallet-address>) without needing authentication or the owner’s credentials. |
| Dunning | The 4-stage escalating notification chain that alerts the vault owner, guardians, and heirs as Vault Credits approach zero. Stages: Advisory (30 days) → Warning (7 days) → Critical (48 hours) → Exhausted (grace period begins). |
| Credit Grace Period | A 7-day buffer after Vault Credits reach zero. Check-ins still succeed during this window, preventing false releases, but uploads are blocked and the deficit is tracked for deduction from the next deposit. |
People and roles
| Term | Definition |
|---|---|
| Vault Owner | The person who creates and controls the vault. Has full authority over all settings, assets, guardians, and heirs. |
| Guardian | A trusted contact who holds an encrypted fragment (share) of the vault’s reconstruction key. Guardians cannot access vault contents individually. |
| Heir | A designated individual who receives full access to the decrypted vault contents upon release. Heirs are unaware of their designation until the release sequence completes. |
| Merge Authority | In the context of key reconstruction, the coordinating party who initiates the assembly of guardian shares to reconstruct the vault key. |
Security and cryptography
| Term | Definition |
|---|---|
| AES-256-GCM | Advanced Encryption Standard with 256-bit keys in Galois/Counter Mode. The encryption algorithm Inheribase uses for all vault data. Used by governments, financial institutions, and military applications worldwide. |
| Shamir’s Secret Sharing (SSS) | A cryptographic algorithm that splits a secret (your vault key) into multiple shares, where only a threshold number (e.g., 2-of-3) can reconstruct the original. No single share reveals any information about the secret. |
| Zero-Knowledge Architecture | A system design where the service provider (Inheribase) has no technical ability to access, read, or decrypt user data. This is enforced by architecture, not policy. |
| Client-Side Encryption | Encryption that occurs entirely on the user’s device before any data is transmitted. Inheribase servers only ever receive encrypted blobs. |
| Upload Integrity (SHA-256) | The server-side verification process where Inheribase independently computes the SHA-256 hash of uploaded file data and rejects any upload where the hash does not match the client-submitted fingerprint. |
| Key Derivation | The process of generating encryption keys from user credentials. Inheribase derives keys locally — they are never stored or transmitted. |
| Passkey | A FIDO2/WebAuthn credential used for authentication. Passkeys are phishing-resistant, hardware-backed, and replace traditional passwords. |
| FIDO2/WebAuthn | An open authentication standard that enables passwordless login using hardware security keys or platform authenticators (Touch ID, Face ID). |
| TLS 1.3 | Transport Layer Security version 1.3. The latest protocol for encrypting data in transit between your browser and Inheribase servers. |
| Recovery Codes | One-time backup codes provided at account creation. Used for emergency access if all other authentication methods are lost. |
SSS presets
| Term | Definition |
|---|---|
| Standard Preset (2-of-3) | The default guardian configuration. Your vault key is split into 3 shares; any 2 are required to reconstruct it. Suitable for most users. |
| Enhanced Preset (3-of-5) | A higher-security guardian configuration. Your vault key is split into 5 shares; any 3 are required. Recommended for high-value estates. |
| Share | A single encrypted fragment of the vault key, distributed to one guardian. A share alone is mathematically useless. |
| Threshold | The minimum number of guardian shares required to reconstruct the vault key (e.g., 2 in a 2-of-3 configuration). |
Release and triggers
| Term | Definition |
|---|---|
| Release Trigger | The condition that initiates the vault release sequence. Options: Dead Man’s Switch, Manual Release, or Guardian Claim. |
| Dead Man’s Switch (DMS) | An automatic release trigger activated by prolonged owner inactivity. If scheduled check-ins are missed beyond the grace period, the release sequence begins. |
| Manual Release | A release trigger activated directly by the vault owner. Used for planned handovers during the owner’s lifetime. |
| Guardian Claim | A release trigger where a majority of guardians vote to initiate release. Provides a human-layer verification step. (Roadmap) |
| Contestation Period | A mandatory safety window (30 days by default, configurable from 14–180 days) after a release is triggered, during which the vault owner can cancel the release. No data is delivered to heirs until this window closes. |
| Check-In | A periodic liveness confirmation. Any authenticated interaction with Inheribase (dashboard login, API call, MCP check_in) resets the Dead Man’s Switch timer. |
| Quiescence | A state of detected inactivity. When the protocol detects no owner activity beyond the configured threshold, it enters the contestation period. |
| Succession Event | The confirmed transition of vault ownership from the original owner to designated heirs, after all release conditions and contestation periods have been satisfied. |
Vault states
| State | Definition |
|---|---|
| Active | The vault is operational. The owner has full access and all settings are configurable. |
| Hibernating | The vault is frozen due to depleted Vault Credits (after the 7-day grace period expires). Data remains permanently stored on Arweave, but the Dead Man’s Switch is paused, uploads are blocked, and no automated releases will fire. All settings, guardians, heirs, and triggers are preserved. Any deposit — from the owner or any third party — reactivates the vault immediately. |
| Releasing | A release trigger has fired and the contestation period is active. The owner can still cancel. Heirs have not yet been notified. |
| Released | The contestation period has elapsed. Heirs have been notified and can claim access to the decrypted vault contents. |
Storage and infrastructure
| Term | Definition |
|---|---|
| Arweave | A decentralized, permanent data storage network. Data stored on Arweave is backed by a sustainable endowment model designed to persist for 200+ years. |
| Blockweave | Arweave’s data structure — a block-linked web of transactions where miners must prove access to historical data to earn rewards, creating economic incentives for permanent data retention. |
| Transaction ID (TXID) | The unique identifier for a file stored on Arweave. TXIDs allow direct retrieval of encrypted data from any Arweave gateway, even without Inheribase. |
| Arweave Gateway | A network endpoint (e.g., arweave.net) for reading and writing data to the Arweave network. |
| Base Mainnet | An Ethereum Layer 2 network used by Inheribase for identity orchestration and protocol logic. |
| Permaweb | The permanent web built on Arweave, where data is stored immutably and accessible via standard HTTP. |
Authentication and identity
| Term | Definition |
|---|---|
| Alchemy Account Kit | The identity infrastructure Inheribase uses for embedded wallet creation and passkey management. |
| Embedded Wallet | A blockchain wallet created automatically for each Inheribase user, managed through passkey authentication rather than seed phrases. |
| Vault Identity Mint | The initial account creation step ($0.99) that establishes your on-chain identity and vault foundation. |
AI and developer integration
| Term | Definition |
|---|---|
| Model Context Protocol (MCP) | An open standard for connecting AI assistants to external tools and data sources. Inheribase’s MCP server enables local AI agents to interact with your vault. |
| Heritage Assistant | Inheribase’s term for an AI agent connected via MCP that helps users manage their digital estate under human direction. |
API Key (sk_human_) | A full-access API key for trusted personal environments. Grants unrestricted vault access. |
API Key (sk_agent_) | A scoped API key with restricted permissions. Designed for shared or automated environments where limited access is appropriate. |
store_asset | MCP tool that encrypts and uploads a file to the vault. Returns an Arweave TXID. |
check_status | MCP tool that retrieves vault state, release timeline, and liveness information. |
check_in | MCP tool that resets the Dead Man’s Switch timer (performs an Audit Pulse). |
Abbreviations
| Abbreviation | Full form |
|---|---|
| AES | Advanced Encryption Standard |
| DMS | Dead Man’s Switch |
| GCM | Galois/Counter Mode |
| MCP | Model Context Protocol |
| SSS | Shamir’s Secret Sharing |
| TXID | Transaction ID (Arweave) |
| FIDO2 | Fast Identity Online version 2 |
| WebAuthn | Web Authentication API |
| TLS | Transport Layer Security |
| GDPR | General Data Protection Regulation (EU) |
| CCPA | California Consumer Privacy Act |