Financial-grade Package
Our Financial-grade (FAPI) package is especially valuable for those who need to comply with open banking and financial grade regulations and any organization that requires an extra high level of security.
Industry Standards to Future-Proof Your Investment
The Curity Identity Server is certified to several industry standards and security profiles for financial data, including the OpenID FAPI 1.0 Second Implementer's Draft and OpenID FAPI 1.0 Advanced Security Profiles as well as FAPI CIBA. The Curity Identity Server also adheres to the OpenID FAPI 2.0 Security Profile Second Implementer's Draft and Message Signing First Implementer's Draft.
The package includes
CIBA - Client-Initiated Backchannel Authentication
Utilizing apps to smoothly and securely authenticate users has long been a challenge. A standards-based way to address this is to use Client Initiated Backchannel Authentication (CIBA) from the OpenID Foundation. It defines a decoupled flow where authentication can be initiated on one device and carried out at another. It lets people use their mobile devices to authenticate and approve transactions.
Learn more about CIBA
PAR - Pushed Authorization Requests
Pushed Authorization Requests (PAR) is an enhancement in OAuth and OpenID Connect to initiate the authorization flow from a client using request objects. It provides security and privacy improvements without implementing costly cryptography at the client-side. The client needs only minimal changes to be able to use PAR instead of a standard authorization request.
Explore PAR
JAR - JWT Secured Authorization Requests
JWT Authorization Request functionality is very useful in implementations that require high security. Using signed request objects can help when request parameters get too large to send them in the query string or where there is a need to maintain the consistency of request parameters. Additionally, it's possible to encrypt request objects where you also need to maintain privacy.
OAuth Authorization with JAR
JARM - JWT Secured Authorization Response Mode
JWT Secured Authorization Response Mode for OAuth 2.0 adds another level of security to handle responses from the Authorization Server. The Curity Identity Server supports this draft specification without any specialized configuration required. Customers can thus easily implement JARM in their clients.
Learn about JARM
HSM - Hardware Security Module
The Curity Identity Server supports the use of Hardware Security Modules (HSM) for storing keys. Use the HSM with the Curity Identity Server to sign tokens, encrypt SSL/TLS communication, and perform other sensitive operations.
HSM ExampleComply with Open Banking regulation
Achieve an extremely high-security standard
Adaptability for differing regional regulatory demands
Secure Your APIs with Tokens
Includes all the great features and benefits of the Token Service.
See Curity Identity Server in action
In this demo, we give you a comprehensive overview of the Curity Identity Server. What it is and what problems it helps you solve.
Watch Demo
Next steps
Ready to modernize IAM?
Start Today - Build security and improve ease of use to stay ahead of the competition.
