Glossary
Plain-English definitions of the terms used across these docs. Aimed at a reader who is technically literate but not crypto-native. If you are unsure what a term means, look here first.
A
AML — Anti-Money Laundering. The regulatory and operational practices a financial business uses to prevent, detect, and report money laundering. In a crypto context, AML typically includes screening wallet addresses against sanctions lists and assigning risk scores to transactions.
API key. A secret string a partner backend includes in API requests to identify itself and authorise the call. In KryptoGO’s Studio platform, an API key is scoped to a single organisation and can be revoked from the Studio control panel.
Approver. In the Maker / Approver / Signer multi-signature workflow, the role that reviews a transfer drafted by a Maker and approves it for the Signer to release. See multi-signature.
Asset Pro. KryptoGO’s custodial wallet backend. A custodial wallet operated by KryptoGO on a partner’s behalf, with the multi-signature approval workflow, per-operator daily limits, and audit trail that institutional finance teams expect.
Asset Pro Order. An extension of the basic Asset Pro transfer model that captures a buy-or-sell order lifecycle: customer pays in fiat, operations confirms receipt, crypto is disbursed from custody.
B
Bitcoin. The original cryptocurrency. Operates on its own blockchain, distinct from EVM chains and Solana. Send and receive are supported in the Mobile Wallet SDK; custodial treasury support is on the roadmap.
C
Callback (also: webhook). An HTTP POST request that KryptoGO sends to a URL the partner has configured, in response to a state change. For payment intents, callbacks are signed with HMAC-SHA256.
Chain. Short for “blockchain”. A specific public ledger network — Ethereum, Arbitrum, Base, Optimism, Polygon, BNB Smart Chain, Solana, Tron, Bitcoin, and others.
Custodial wallet. A wallet whose private keys are held by a third party (in our case, KryptoGO) on the user’s or partner’s behalf. Distinct from self-custody.
Cure53. A Berlin-based independent security research firm. KryptoGO has been audited by Cure53.
E
EVM — Ethereum Virtual Machine. The execution environment used by Ethereum and a family of compatible chains (Arbitrum, Base, Optimism, Polygon, BNB Smart Chain, and others). EVM chains share an address format and a smart-contract programming model.
Embedded self-custody. A custody model in which the user’s wallet keys are split across multiple parties (the user’s device, the partner’s cloud, KryptoGO’s cloud) using Shamir’s Secret Sharing. No single party can spend funds. See Custody Options.
F
Fiat. Government-issued currency — US dollars, Taiwan dollars, Japanese yen, and so on. The opposite of crypto.
Fiat on-ramp. A flow that lets a user convert fiat (typically by paying with a card or a bank transfer) into a crypto asset.
Fiat off-ramp. The reverse — converting crypto into fiat that lands in a bank account.
H
HMAC-SHA256. A cryptographic message-authentication scheme. KryptoGO signs payment-intent webhook payloads with HMAC-SHA256, using a per-application shared secret. The partner verifies the signature before acting on the callback.
I
ISMS — Information Security Management System. A documented management framework for handling information security risk, codified in the ISO 27001 standard. KryptoGO is ISO 27001 certified.
ISO 27001 / 27701. International standards. ISO 27001 covers information-security management; ISO 27701 extends it to privacy-information management. KryptoGO holds both certifications and was the first blockchain company in Taiwan to do so.
J
JWT — JSON Web Token. A signed token that carries claims about a user. Used in our Mobile Wallet SDK for partner-initiated user authentication: the partner signs a JWT identifying its user; KryptoGO verifies the signature against the partner’s published public key.
JWKS — JSON Web Key Set. A standard endpoint format for publishing the public keys used to verify JWT signatures.
K
KMS — Key Management Service. A cloud service that stores and manages cryptographic keys. KryptoGO uses a managed KMS for the keys that protect custodial wallet data.
KYC — Know Your Customer. Regulatory practice of verifying the identity of an individual customer before allowing them to use a regulated financial service. Powered in our platform by leading IDV (identity verification) providers.
KYB — Know Your Business. The business-customer equivalent of KYC. Verifies the identity of a corporate entity, its beneficial owners, and (typically) any ultimate beneficial owners.
M
Maker. In the Maker / Approver / Signer multi-signature workflow, the role that drafts a transfer for an Approver to review.
MetaMask. A widely-used self-custody wallet that runs as a browser extension and a mobile app. Supported by our Payment SDK as one of the wallets a customer can pay from.
Mnemonic. Also called a “seed phrase”. A human-readable list of 12, 18, or 24 words that encodes a wallet’s private key. Possession of the mnemonic equals possession of the wallet.
MPC — Multi-Party Computation. A cryptographic technique that lets multiple parties compute a result (such as a transaction signature) without any single party holding the full secret. KryptoGO does not currently use MPC; we use Shamir’s Secret Sharing for our embedded-self-custody model.
Multi-signature (multi-sig). A wallet configuration in which more than one party must approve a transaction before it can be sent on-chain. Asset Pro implements a Maker / Approver / Signer multi-signature flow operationally.
O
OAuth 2.0. A widely-used authorisation framework. KryptoGO’s @kryptogo/auth SDK implements OAuth 2.0 for “Sign in with KryptoGO” flows.
On-chain. Refers to data or actions recorded on a public blockchain, as opposed to “off-chain” data held in a partner’s or KryptoGO’s databases.
P
Payment intent. A KryptoGO data object that represents one payment lifecycle: created, pending, succeeded (or expired, refunded, cancelled). Created via the Studio API; settles when the customer pays the requested amount on-chain.
Phantom. A widely-used self-custody wallet for the Solana ecosystem. Supported by our Payment SDK.
Private key. The cryptographic secret that controls a wallet. Whoever holds the private key controls the funds in the wallet.
Public key. The non-secret half of a cryptographic key pair. Wallet addresses are derived from public keys.
R
RBAC — Role-Based Access Control. An access-control model in which permissions are assigned to roles, and users are assigned to roles. The Studio control panel uses RBAC for partner-organisation operators.
S
Sanctions screening. Checking that a wallet address, an individual, or a corporate entity does not appear on a regulatory sanctions list (OFAC, EU sanctions, UN sanctions, and so on). Inline on every onboarding event and every flagged transaction in our compliance suite.
Shamir’s Secret Sharing (SSS). A cryptographic technique that splits a secret (in our case, a wallet seed) into multiple shares, of which a defined subset are needed to reconstruct the secret. KryptoGO’s Mobile Wallet SDK uses SSS to split each user’s seed into three shares: device, partner cloud, KryptoGO cloud — any two of three reconstruct.
Signer. In the Maker / Approver / Signer multi-signature workflow, the role that authorises an approved transfer for on-chain release.
Smart contract. A program deployed to a blockchain that executes when called. Used for ERC-20 stablecoin transfers, NFT minting, and many other on-chain actions.
SOC 2 Type II. An American Institute of CPAs framework for service organisations, covering security, availability, processing integrity, confidentiality, and privacy. Type II covers operating effectiveness over a defined period (typically six to twelve months), not just the design of controls. KryptoGO has completed a SOC 2 Type II examination.
Solana. A high-throughput public blockchain. Distinct from EVM chains; uses different address formats, a different account model, and different programming primitives.
Stablecoin. A crypto asset designed to track the value of a fiat currency. The two most widely used are USDC and USDT, both pegged to the US dollar.
Studio. KryptoGO’s web-based control panel for partner organisations. Used by operations, finance, compliance, and admin teams.
Studio API. The server-to-server REST API behind Studio. Authorised with an API key.
T
Travel Rule. A regulatory requirement that crypto-asset service providers exchange originator and beneficiary information when transferring assets above a defined threshold. KryptoGO supports the domestic Travel Rule in Taiwan; international Travel Rule support is expanding.
Tron. A public blockchain widely used for stablecoin (USDT) transfers, particularly in Asia. EVM-adjacent but with its own address format and signing model.
U
UBO — Ultimate Beneficial Owner. The natural person who ultimately owns or controls a corporate entity. KYB workflows typically include UBO identification.
USDC, USDT. The two most widely used dollar-pegged stablecoins. Issued by Circle and Tether respectively. Supported across all the chains in our payment platform.
V
VASP — Virtual Asset Service Provider. A regulated category of business that provides crypto-asset services. KryptoGO operates a Taiwan-licensed VASP entity.
W
Wallet. The umbrella term for any tool that holds the private key for a crypto address. Can be a software wallet (a mobile app, a browser extension) or a hardware wallet (a dedicated device).
WalletConnect. A widely-used protocol that lets a website or app prompt a user to approve a transaction in their existing wallet. Supported by our Payment SDK.
Z
(No entries — this is the end of the glossary.)
Where to go next
- For how these terms map to KryptoGO products, see Platform Overview.
- For the custody-specific terms, see Custody Options.
- For the compliance-specific terms, see Compliance & Certifications.