Clique
  • Ecosystem
    • Build Now
Build Now

Ecosystems

Clique Wallets
Clique Wallets
OverviewFeatures
SecurityAPIsIntegrationArchitectureFAQ

Security Overview

  • TEE (Intel® SGX): hardware-isolated enclave; keygen & signing in encrypted memory.
  • Encrypted persistence: only the enclave can decrypt.
  • Data integrity: tamper checks on load.
  • Transport: HTTPS; Secure, HttpOnly cookies.

Remote Attestation

  • Endpoints like /address include an SGX quote + an enclave signature over the `result` payload.
  • Verify quote (DCAP/IAS), check identity (MRENCLAVE/MRSIGNER), then verify signature bound to the canonical payload (UTF8(JSON.stringify(result))).
  • Publish expected identity values and rotate on enclave upgrades.

Threat Model

Mitigated

Host OS compromise; Insider key access; DB exfiltration.

Residual

Microarchitectural side-channels (patch-level dependent); Compromised client devices; Social engineering.

Best practices

Keep firmware/SGX stacks current; rate-limit OTP/OAuth; enforce IP allowlists and strict CORS.

Compliance & Deployment

  • Data protection: least-privilege access; no plaintext keys outside enclaves.
  • Deployment: Hosted (SaaS), Private Cloud (BYO), On-Prem.
  • Regions: multi-region capable (document in contract).
  • On-ramp: Coinbase KYC/AML applies where required.

Stay up to date on the latest features and releases by joining our newsletter.

© Copyright 2025. All rights reserved.

By subscribing, you agree to our Privacy Policy and consent to receive updates from our company.