Glossary


The PingID SDK authentication model uses the following definitions and conventions:

| Term | Description |
| --- | --- |
| Authentication server | The server that performs the first factor authentication, and connects to the PingID SDK server. Also known as the customer server. |
| Customer mobile application | A mobile native application using the PingID SDK component. |
| Customer server | A server that performs the first factor authentication, and connects to the PingID SDK server. Also known as the authentication server. |
| Device | An iOS or Android device, with an installed application (customer mobile application) using the PingID SDK component. |
| First factor authentication (1FA) | The process for securing access to a given system, that identifies the user through only one category of credentials. The most common example of this would be matching a password credential to a username. Also known as single factor authentication. |
| Multifactor authentication (MFA) | A security measure that requires more than one method of authentication from independent categories of credentials, to verify the user's identity for a login or other transaction. A device must be paired with the PingID SDK server, in order for MFA to be performed. |
| One time passcode (OTP) | A passcode that is valid for only one login session or transaction. |
| Out of band (OOB) MFA | User authentication over a network or channel which is separate from the primary network or channel. |
| Paired device | A device associated with a user in the context of an application, which has successfully completed the pairing process. A paired device is used to authenticate a user at login and step up / transaction approval. There are two types of paired devices: Primary and trusted. |
| Pairing | An operation that includes saving information about the user's device on the server side. Pairing involves exchanging keys between the device and the server, and fingerprinting the device in order to be able to verify its authenticity in future authentications. |
| Payload | A small data package created by the PingID SDK component, which is used as part of the device’s authorization. |
| PingID SDK component | A library which includes the functionality to incorporate PingID SDK based MFA capabilities into Android and iOS applications. |
| PingID SDK API | A set of APIs which are used to communicate between the customer server and PingID SDK server, and between the PingID SDK component embedded in the customer mobile application and PingID SDK server. |
| Primary device | A paired device which the user designated to be the default authenticating device. Each user can have one primary device per application. |
| QR code based authentication | A secure passwordless authentication method, where the user is authenticated when scanning a QR code on a trusted mobile device. The customer server does not need advance knowledge of who the user is (for example, first factor authentication is not required). |
| Server payload | A small data package created by the PingID SDK server, which is passed to the customer authentication server during pairing, and is then passed to the PingID SDK component in the customer mobile application. It contains instructions for pairing. |
| Single factor authentication (1FA) | The process for securing access to a given system, that identifies the user through only one category of credentials. The most common example of this would be matching a password credential to a username. Also known as first factor authentication. |
| Step up | See: Transaction approval. |
| Transaction approval | An elevated level of security, which may be required momentarily, or configured for a specific duration of time, for high value or high risk transactions. For example, a banking application may require transaction approval when doing a monetary transaction; an insurance company might require transaction approval before providing personal information to the user. Also referred to as step up. |
| Trusted device | Any device which the user paired with PingID SDK. A user may have multiple trusted devices per application, as configured by the administrator. A maximum of 15 trusted devices is allowed per application. |