When secure isn’t enough

Financial-grade Package

Our Financial-grade (FAPI) package is especially valuable for those who need to comply with open banking and financial grade regulations and any organization that requires an extra high level of security.

Financial-grade Package

Industry Standards to Future-Proof Your Investment

The Curity Identity Server is certified to several industry standards and security profiles for financial data, including the OpenID FAPI 1.0 Second Implementer's Draft and OpenID FAPI 1.0 Advanced Security Profiles as well as FAPI CIBA. The Curity Identity Server also adheres to the OpenID FAPI 2.0 Security Profile Second Implementer's Draft and Message Signing First Implementer's Draft.

The package includes

CIBA - Client-Initiated Backchannel Authentication

CIBA - Client-Initiated Backchannel Authentication

Utilizing apps to smoothly and securely authenticate users has long been a challenge. A standards-based way to address this is to use Client Initiated Backchannel Authentication (CIBA) from the OpenID Foundation. It defines a decoupled flow where authentication can be initiated on one device and carried out at another. It lets people use their mobile devices to authenticate and approve transactions.

Learn more about CIBA
PAR - Pushed Authorization Requests

PAR - Pushed Authorization Requests

Pushed Authorization Requests (PAR) is an enhancement in OAuth and OpenID Connect to initiate the authorization flow from a client using request objects. It provides security and privacy improvements without implementing costly cryptography at the client-side. The client needs only minimal changes to be able to use PAR instead of a standard authorization request.

Explore PAR
JAR - JWT Secured Authorization Requests

JAR - JWT Secured Authorization Requests

JWT Authorization Request functionality is very useful in implementations that require high security. Using signed request objects can help when request parameters get too large to send them in the query string or where there is a need to maintain the consistency of request parameters. Additionally, it's possible to encrypt request objects where you also need to maintain privacy.

OAuth Authorization with JAR
JARM - JWT Secured Authorization Response Mode

JARM - JWT Secured Authorization Response Mode

JWT Secured Authorization Response Mode for OAuth 2.0 adds another level of security to handle responses from the Authorization Server. The Curity Identity Server supports this draft specification without any specialized configuration required. Customers can thus easily implement JARM in their clients.

Learn about JARM
HSM - Hardware Security Module

HSM - Hardware Security Module

The Curity Identity Server supports the use of Hardware Security Modules (HSM) for storing keys. Use the HSM with the Curity Identity Server to sign tokens, encrypt SSL/TLS communication, and perform other sensitive operations.

HSM Example

Comply with Open Banking regulation

Achieve an extremely high-security standard

Adaptability for differing regional regulatory demands

Token-based Architecture

Secure Your APIs with Tokens

Includes all the great features and benefits of the Token Service.

See Curity Identity Server in action

See Curity Identity Server in action

In this demo, we give you a comprehensive overview of the Curity Identity Server. What it is and what problems it helps you solve.

Watch Demo

Next steps

Ready to modernize IAM?

Start Today - Build security and improve ease of use to stay ahead of the competition.