Active Directory (AD) / Active Directory Federation Service (ADFS)
Active Directory is a scalable, hierarchical directory service for centralized management of all resources relevant to the network. The AD uses stored usernames and passwords to manage and secure access to computers within a domain. The ADFS builds on this functionality to authenticate the user against third-party systems.
Authentication is the process of logging in to a system, which identifies and verifies the identity of the user. In the simplest case, this is done via username and password.
Authorization is the granting of special rights, for example at the end of a registration process. Even if a person has been successfully identified, this does not automatically mean that the person may use the services provided. That is decided by the authorization, i.e. the access rights.
API / Programming Interface
API stands for Application Programmer Interface. The API is an important interface for programmers between the device (hardware) to be programmed and the software. It therefore connects software and hardware components, such as applications, hard disks or user interfaces, and makes software readable for various components.
Biometrics is an authentication method that identifies users by their biological characteristics. For authentication, the face, fingerprint, iris or voice can be used, for example. A biometric scanner reads the biological attributes of a user (e.g. the face) and converts the result into digital information, which can then be interpreted and verified by a software program during the authentication process.
A person's face, voice or fingerprint are biometrically unique and are therefore also used for secure verification. They also contribute reliably to the protection against identity theft, fraud and data misuse.
User Self Service
Via a user portal, registered users can manage their own account and, to a certain extent, modify their corresponding database entry. This allows them, for example, to change passwords or to restore lost ones through an automated process.
Big Data analytics tools use learning algorithms to identify the many different email IDs that actually belong to one and the same customer. Only a single identity of the customer is stored.
Analytical procedures and models are used above all to prevent fraudulent transactions in the digital environment. Based on Big Data technology, detection systems are developed that detect and stop fraudulent behaviors and handling patterns, or initiate countermeasures, in real time.
In simple terms, cloud software is a service that, like other computing services (database, network components, storage, etc.), is provided through the cloud, i.e. the Internet. Companies that provide these computing services are referred to as cloud providers and typically charge for cloud computing services based on usage, just as you are billed for your home's water and power consumption.
Customer Identity Management
The key features of Customer Identity and Access Management are to uniquely identify users and to securely manage user accounts and access privileges. In addition, the collected data on user habits and needs can be used for direct, individual customer dialogue.
Device Management stands for the management of approved devices based on device information such as browser, operating system and device type (e.g. smartphone, tablet).
One Time Password (OTP)
An OTP (One-Time Password) is an automatically generated number or alphanumeric string that authenticates a user for a single session. One-time passwords are used as a substitute for, or as an addition to, the regular authentication in order to give it another security layer.
An identity is the unique identifier of a person, organization, resource or a service along with optional additional information (e.g., permissions, attributes). The identity encapsulates uniquely attributable characteristics.
Identity Management (ID Management) is the administration task that deals with the identification of individuals in a system (e.g. country, network or company). It controls the access of individuals to a resource within the system by comparing user rights and constraints with the established identity.
Identity and Access Management (IAM) is the generic term used to describe the processes within an organization that manage and maintain user accounts and resources on the network, including authorization management for application users and systems.
Interceptor is a software design pattern for extending a framework or middleware without having to change the framework or middleware itself. It falls under the category of behavioral patterns, i.e. design patterns that model complex behavior in software development.
JWT (JSON Web Token) is an open standard that defines a compact and self-contained way to securely transfer information between parties on the Web as a JSON object. The token can be verified and trusted because it is digitally signed using a different standard, JWS (JSON Web Token Signature). Additional information can be placed in self-defined data fields in the token's payload, and its content can be transmitted encrypted using another standard, JWE (JSON Web Encryption). JWT is used on the Web as a standardized way to realize SSO and to securely transmit information between the parties involved (API consumers, applications, etc.).
The Lightweight Directory Access Protocol (LDAP) is a network protocol used to perform queries in a distributed directory service. LDAP systems can be integrated as a login provider into an existing LDAP system of a company, and access rights of internal and external users can be securely checked. Access to company accounts can thus be made available not only to employees, but also, for example, to customers online.
Multi-factor authentication (MFA) is a technique that uses the combination of two or more credential proofs (factors) to validate user identities. Factors could be:
- Physical possession: e.g. a bank card
- Knowledge: e.g. a password
- Biometric data such as fingerprint, face scan
OAuth2 is an open security protocol that allows standardized and secure API authorization for desktop, web and mobile applications. To protect API interfaces and grant access only to authorized clients, the OAuth2 protocol has become the standard worldwide.
An authentication mechanism that allows users to log in and access their resources / servers without having to remember passwords. Instead of entering a password, the user receives a One-Time Password (OTP) at their registered e-mail address or registered mobile number. By using the OTP, the user can log in and access their resources / services.
PSD2 (Payment Services Directive 2) is an EU Directive of the European Commission for the regulation of payment services and payment service providers throughout the European Union (EU) and the European Economic Area (EEA). PSD2 replaces the Payment Services Directive (PSD, 2007/64/EC) as of 13 November 2017 and is valid from 13 January 2018.
Specifically, with PSD2, the EU regulates:
- Higher security requirements for payment processing and account access (2-factor authentication with independent devices)
- AISPs (Account Information Service Providers) receive direct access to account data.
- PISPs (Payment Integration Service Providers) receive account access and can trigger payments.
A Software Development Kit (SDK) is a collection of programming tools and libraries used to develop software. It helps software developers create applications by leveraging what already exists.
Single Sign-on (SSO), also called one-time login, enables end users to log in to all online services using a single identity. After a single login, SSO allows the user to access all content and services of the provider in different portals and on all devices without having to sign in again. If the user changes to another service of the provider, the access is checked by SSO. If the request is successful, the customer gets access to these resources, independent of the touchpoint.
Social login is also referred to as social sign-in. Users can easily register using their favorite social network. On an online portal, the user selects a preferred social media account (Facebook, Twitter, Google+, etc.) for the registration process and can thus be authenticated or uniquely mapped by the website operator.