2FA (Two-Factor Authentication)
2FA is a security process in which a user is prompted to enter two forms of identification before accessing an account or system.
The first form of identification is usually a password, while the second form can be a one-time code sent to a mobile phone – or a fingerprint captured via a card or sensor.
Container / Docker
A container in the IT world refers to a virtual environment that allows applications and their dependencies to run in an isolated area. A container contains all the necessary components such as code, libraries, runtime environment, configuration files and operating system and allows developers to create, test and deploy applications in a consistent and portable manner.
Containers are an alternative to traditional virtualisation technology, which allows multiple operating systems to run on one physical hardware. In contrast, containers allow applications to run faster and more efficiently because they share only one instance of the operating system and the resources needed. Containers can also be easily scaled to provide higher availability and performance.
A well-known container management system is Docker, which allows developers to create, manage and deploy containers. Other container orchestration platforms include Kubernetes, OpenShift and Docker Swarm.
Direct printing
Direct printing on cards is a process in which ink is applied directly to the surface of the card. It is a simple and fast printing process that is usually used for lower print runs and print quality requirements.
In the direct printing process, the coloured printing foil is applied directly to the card.
However, direct printing can have its limitations with longer runs and high print quality requirements, as it can be more difficult to achieve consistent and accurate colours, and a white card border remains.
Overall, direct printing is a fast and effective process that is suitable for certain applications, especially when print quality is not the highest priority and shorter runs are required.
Face Detection
Face detection is a technology used to recognise and identify faces in images or videos. It is based on artificial intelligence and machine learning algorithms that identify faces based on features such as eyes, nose, mouth, cheekbones and other aspects.
Face detection is used in various areas such as security, surveillance, image processing, and biometric authentication.
Face Recognition
Face Recognition is a technology used to identify and verify faces. Unlike Face Detection, which only detects the presence of faces in an image or video, Face Recognition also determines the identity of the recognised faces.
Face Recognition is based on advanced artificial intelligence and machine learning algorithms that analyse and compare faces based on features such as eyes, nose, mouth, cheekbones and other aspects. The technology can be used for biometric authentication purposes to restrict access to certain rooms or information.
Face Extraction
Face Extraction is an image processing process that extracts faces from images or videos. This process is often performed as a precursor to Face Detection or Face Recognition.
Face extraction is based on algorithms that can identify and isolate faces in an image. There are several methods of face extraction, including the use of feature points, contours and colour segmentation. The technology can also be used to remove backgrounds or distracting elements around the face.
FIDO
FIDO (Fast Identity Online) is an initiative that aims to improve authentication on the Internet by developing secure and easy-to-use standards for authenticating users. The FIDO Alliance consists of a group of companies and organisations that work together to develop and promote these standards.
FIDO is based on the use of public-private key pairs to authenticate users. Instead of logging in with a username and password, the user creates a key pair and registers the public key with a FIDO-compatible service.
When logging in, a request is then sent to the user’s device that holds the private key, and the user authenticates by signing the request with the private key.
FIDO2
FIDO2 is an authentication standard developed by the FIDO (Fast Identity Online) Alliance. It is an open, scalable and interoperable standard for strong authentication based on public key cryptography and biometrics.
FIDO2 enables easy and secure login to a wide range of online services and applications without users having to enter passwords or remember multiple accounts. Instead, FIDO2 uses a combination of public and private keys and biometrics to verify the user’s identity and provide secure authentication.
FIDO2 is supported by a growing number of companies and organisations, including Google, Microsoft, Amazon, Mozilla and many others. It offers greater security and ease of use compared to traditional password authentication methods.
IAM
IAM stands for “Identity and Access Management” and refers to the management of identities and access rights in a system or organisation.
With IAM, companies and organisations can control and manage their employees’ access rights to resources such as data, applications, networks and systems.
IAM typically covers the creation, management and removal of user accounts and access rights, as well as the definition of policies for access to resources. By using IAM, companies can increase security, improve compliance and simplify the management of users and resources.
ID management software
IAM stands for “Identity and Access Management” and refers to the management of identities and access rights in a system or organisation.
IAM enables companies and organisations to control and manage their employees’ access rights to resources such as data, applications, networks and systems.
IAM typically involves the creation, management and removal of user accounts and access rights, as well as setting policies for access to resources. By using IAM, organisations can increase security, improve compliance and simplify the management of users and resources.
Keyfob
A keyfob can be used as an alternative to a smart card in the field of access control or time recording.
Keyfobs can be used to open or close doors, gates, car parks or lifts. They can also be used in offices, schools or residential buildings as an alternative to conventional keys.
Keyfobs are easy to use, are encrypted (depending on the built-in RFID technology) and can also be used as a security feature to prevent unauthorised access to certain applications or premises.
LEGIC
LEGIC is a contactless smartcard technology developed by LEGIC Identsystems AG. LEGIC technology enables the wireless transmission of data between a LEGIC card and a reader and is used in various applications, such as access control, public transport, payment transactions and time recording.
LEGIC technology is characterised by its modularity, which means that different applications can be stored on one card. LEGIC cards are compatible with different readers and can also be integrated into other systems.
LEGIC has various security features, such as the encryption of data transmissions and the use of secure keys. LEGIC technology is used worldwide and is a widely used contactless smart card technology.
evolutionID GmbH is a LEGIC consultant.
LEGIC Prime
LEGIC Prime is a contactless smart card technology from LEGIC Identsystems AG. LEGIC Prime technology enables the wireless transmission of data between a LEGIC Prime card and a reader and is used in various applications, such as access control, public transport, payment transactions and time recording.
LEGIC Advant
LEGIC Advant is a contactless smartcard technology from LEGIC Identsystems AG. The technology was developed to offer higher security and flexibility than the older LEGIC technology.
LEGIC Advant enables the wireless transmission of data between a LEGIC Advant card and a reader and is used in various applications, such as access control, public transport, payment and time recording.
LEGIC Advant cards offer higher memory capacity, faster data transfer and more security features than older LEGIC technologies such as LEGIC Prime. The cards can also be configured for different applications and services to ensure compatibility with different systems.
LEGIC Advant cards are available with different form factors and also support contact-based interfaces such as smart card readers. The technology also offers high flexibility in the integration of third-party applications and services.
LEGIC Advant is a more advanced smart card technology and is often used in security-critical applications. It is a commonly used contactless smartcard technology and is deployed worldwide.
LEGIC CTC
LEGIC CTC stands for “Cross Standard Transponder Chip”. It is a contactless RFID chip used in various applications such as access control, time and attendance and payment systems.
The LEGIC CTC chip is a multi-standard transponder chip that is compatible with various RFID standards such as ISO 14443A/B and ISO 15693. This allows readers from different manufacturers to read and write to the chip, enabling high interoperability and flexibility.
The LEGIC CTC chip has a high level of data security as it supports various encryption methods, including AES-128 bit encryption. This prevents unauthorised persons from accessing the stored data.
Mifare
Mifare is a contactless smart card technology developed by NXP Semiconductors (formerly Philips Semiconductors). Mifare technology enables the wireless transmission of data between a Mifare card and a reader.
Mifare cards can be used in various applications, such as in public transport to pay for tickets, in companies to control access authorisations or as an electronic wallet for payments in shops.
There are several variants of Mifare cards, which differ in their storage capacity, transmission speed and security functions.
The best-known variants are Mifare Classic, Mifare Plus and Mifare DESFire. Mifare cards are used worldwide and are a commonly used contactless smart card technology.
Mifare DESFire
Mifare DESFire is a contactless smart card technology that offers higher security than the older Mifare technologies. It was also developed by NXP Semiconductors (formerly Philips Semiconductors) and is an extension of the Mifare family.
Unlike Mifare Classic, which is based on older technology, Mifare DESFire offers stronger encryption and authentication to ensure the security of the data on the card. Mifare DESFire cards can also be used for various applications such as public transport, healthcare or access control.
Mifare DESFire cards have a larger memory capacity and support faster data transfers than Mifare Classic cards. They also have a higher security level and can store multiple applications on one card. Mifare DESFire cards are a more advanced smart card technology and are often used in security-critical applications.
No-Code
No-code programming refers to the creation of applications or software without the need for traditional programming, as required when using programming languages such as Java, Python or C++. Instead, no-code tools use visual user interfaces and drag-and-drop elements to create and automate applications.
With no-code platforms, even people without deep programming knowledge can create applications. Instead, they can simply use a visual interface to click together applications or create automations. No-code tools often use a library of pre-built building blocks or templates that allow users to create application functionality without learning complex programming.
No-code programming offers a faster and more cost-effective way to create applications by reducing the need for skilled developers. Businesses and organisations can use no-code platforms to automate their internal processes, improve workflows, manage data and create custom applications.
OIDC (see also OpenID)
OIDC stands for “OpenID Connect”. It is an open standard for authentication and authorisation of users in web applications and mobile applications. OpenID Connect is based on OAuth 2.0, a protocol for authorisation exchange between web applications and application programming interfaces (APIs).
OpenID Connect provides a secure way to authenticate users without having to use separate credentials for each application. With OpenID Connect, a user can sign in to a single identity provider platform, which then forwards the user’s identity to the web applications or mobile applications the user wants to access.
The OpenID Connect protocol provides a high level of security by using various technologies and standards such as JSON Web Tokens (JWT) and Transport Layer Security (TLS). It also allows the use of multiple authentication factors, including password, biometrics and physical security keys.
OpenID Connect is supported and used by a wide range of companies and organisations, including Google, Microsoft, Salesforce and the US government. It provides a standardised method for secure and convenient authentication of users in a variety of use cases.
OSS
OSS stands for Open Security Standards and describes a manufacturer-neutral, standardised data record that is exchanged between a transponder (access control medium) and the locking components of an electronic locking system. The use of OSS is limited to certain makes that are equipped with OSS-compatible locking components and OSS-compatible management software.
OCF
OCF stands for openCashFile and is a standardised card data structure that enables card system providers, such as POS and vending machine suppliers, to work according to the same structures. The advantages are primarily for the end customer. After completion of the respective project, the end customer has control over the access keys, finds a lower system complexity and has a larger choice of suppliers.
On Premises
On-Premises or On-Prem (= on one’s own premises, on-site / local) refers to a usage and licensing model for server-based software.
In the case of commercial on-premises software, the licensee purchases or rents software and operates it under his own responsibility on his own hardware, possibly in his own data centre or on rented servers of a third-party data centre, in any case on hardware that is not provided by the software provider.
OpenID (see also OIDC)
OpenID is an open protocol that allows users to log in to different websites and services without having to register with each individual service.
Instead of having to log in to each service with a separate username and password, the user can log in to an OpenID provider once and then use their OpenID identity credentials to log in to other services.
The idea behind OpenID is to create a user-friendly way to interact with different services on the Internet without having to register and log in to each service individually. OpenID can also be seen as a kind of single sign-on system, as it allows the user to log in to different services with only one user name and password.
Optical encoding
Optical encoding of ID cards is a process for creating machine-readable optical codes on plastic cards that can be used for various purposes such as identification or access control. Optical encoding can be done at different levels, e.g. by adding barcodes, QR codes, Data Matrix codes or other types of optical codes to the card.
Optical encoding of ID cards allows readers to quickly and effectively read the information stored on the cards.
Barcodes are one of the most common forms of optical coding of ID cards. They consist of a series of vertical bars and spaces representing a unique combination of numbers and letters. Readers can scan the barcode and extract the information it contains, such as name, customer number or membership status.
QR codes and Data Matrix codes are other types of optical codes that can be used on ID cards. QR codes can store significantly more information than barcodes and can even contain links to websites or other digital content. Data Matrix codes are more compact than QR codes and can also be accommodated in limited space on the card.
Optical coding of ID cards plays an important role in identification and access control in various sectors, such as businesses, educational institutions, government agencies and healthcare facilities.
Passwordless
Passwordless authentication refers to a method of logging into an account or system without the use of a traditional password. Instead of relying on a password that a user must memorise or keep track of, passwordless authentication uses other forms of identification, such as biometric factors (e.g. fingerprints or facial recognition) or possession of a physical device (e.g. a security key or mobile phone) to verify a user’s identity. This approach can provide a more secure and convenient way for users to access their accounts and can help reduce the risk of password-related security breaches.
PC Login
PC login refers to the process by which a user logs on to a computer or other device with their credentials.
In some cases, “PC login” may also be used to refer to specific software that automates or simplifies the process of logging on to a computer or network.
Such a software application can be a single sign-on (SSO) solution, for example.
PIAM
Physical Identity and Access Management (PIAM) refers to a system for managing access to physical resources such as buildings, rooms, equipment and other critical infrastructure. It is a type of Identity and Access Management (IAM) that focuses on the physical aspects of security and aims to control and monitor people’s access rights to specific physical resources.
PIAM systems can use various technologies such as biometric authentication (e.g. fingerprint, facial recognition), smart cards, RFID, key cards and passwords to control access to physical resources. The system can also implement policies and workflows that govern the authorisation of access to physical resources, as well as managing visitor access, monitoring activities and generating reports and audits.
PIAM is particularly important for companies and organisations that need to protect sensitive data or critical infrastructure, as it allows them to manage and monitor access to physical resources in a secure and controlled way. PIAM can also help ensure compliance with security standards and regulatory requirements.
In summary, PIAM software is an important technology for companies that need effective physical access control. The software automates the process of identity verification and access control to ensure that only authorised people have access to protected premises. PIAM software also provides enhanced security by verifying the identity of individuals before granting access and recording all access activity to quickly respond to suspicious activity.
PIAM software enables organisations to manage physical access to buildings, facilities and premises. The software automates identity verification and access control processes to ensure that only authorised people have access to protected areas.
PKI
PKI stands for Public Key Infrastructure and refers to a collection of technologies, standards, protocols and services that enable digital certificates and associated public and private keys to be generated, managed, distributed and validated. PKI is often used to securely transmit information and secure transactions in various fields such as e-commerce, e-government and e-health.
A PKI consists of various components, including a certification authority (CA), which issues digital certificates, and a registration authority (RA), which identifies users and verifies their identity before a certificate is issued. The certificate contains the user’s public key, which can be used by others to send encrypted information to or verify digital signatures from the user.
By using PKI, trusted communications can be established between different parties as the integrity, confidentiality and authenticity of messages are guaranteed. PKI is also often used in conjunction with other security protocols such as SSL/TLS or IPSec to ensure secure and encrypted transmission of information.
Proof of Concept (PoC)
Proof of Concept (POC) is a term from the field of product development and refers to the creation of a prototype or simple version of a product or idea to show that it can work in practice.
A POC is often created to test an idea before a full product is developed. It can also be used to demonstrate the feasibility of an idea or to explore the impact of a new technology on a particular problem.
Usually, a POC is not fully developed and cannot be fully functional. Instead, it is only intended to show that an idea is feasible and that it might be worth investing in further. A POC can help save time and resources by identifying early problems or difficulties that need to be addressed before a full product is developed.
REST API
A REST API (Representational State Transfer Application Programming Interface) is an interface for software applications based on the REST architectural style. REST is a concept for designing distributed systems in which resources (e.g. data, functions or services) are uniquely identified via uniform interfaces and can be manipulated by using standard HTTP methods such as GET, POST, PUT and DELETE.
A REST API allows applications to access these resources by sending HTTP requests to a server, which then returns or manipulates the requested resources. RESTful APIs are popular because they are lightweight and scalable, and are also used by a wide range of client and server systems, regardless of the programming language or operating system used.
Retransfer card printing
Retransfer card printing is a printing process used in the production of high quality and durable plastic cards. Unlike traditional thermal transfer or direct printing methods, where the ink is applied directly to the surface of the card, retransfer printing prints the image onto a carrier film first and then transfers it to the card.
By using this carrier foil, the image is first printed on a larger surface, making it crisp and detailed. The film is then applied to the card using a heat roller, which uses heat and pressure to permanently fix the image to the card. This produces a durable and scratch-resistant result that will not flake or fade even with prolonged use.
Retransfer card printing is often used in the production of ID cards, membership cards, employee badges and other types of plastic cards where high quality and durability are required. Retransfer card printers are typically more expensive than traditional card printers, but offer higher image quality and card durability, making them a good choice for organisations that require high-quality cards.
RFID
RFID stands for “Radio-Frequency Identification” and refers to a technology for automatically identifying and tracking objects or people using radio waves.
RFID systems consist of a reader and one or more RFID tags. The tags contain a microchip and an antenna that send signals to the reader.
RFID systems are used in a variety of applications, including identifying luggage at the airport, tracking goods in the supply chain, controlling access in buildings, managing inventory and much more.
A major advantage of RFID systems is the ability to identify objects or people without direct line of sight. In addition, RFID systems allow for quick and efficient identification of items without the need for a manual scan.
However, there are also privacy concerns associated with RFID systems, as they can be used to track people in some applications. It is therefore important that RFID systems are used in accordance with the relevant data protection policies and laws.
SAML
SAML (Security Assertion Markup Language) is an XML-based protocol used for the secure transmission of authentication and authorisation data between different systems and applications.
SAML is commonly used in corporate environments to enable Single Sign-On (SSO) by allowing users to log in once and then gain access to multiple applications and services without having to log in again. SAML is also used in other areas such as e-commerce and online education, where the seamless and secure exchange of authentication and authorisation information between different systems is critical.
SDK (Software Development Kit)
An SDK (Software Development Kit) is a collection of tools, APIs (Application Programming Interfaces) and documentation used by developers to create software applications for a specific platform or operating system. An SDK can also be referred to as a developer package.
An SDK can contain a variety of components, such as code samples, libraries, debugging tools, emulators, compilers and more. The main function of an SDK is to provide developers with all the necessary resources and tools to develop applications effectively and efficiently.
Single Sign-On
Single Sign-On (SSO) is an authentication technology that allows users to log in to an application or system once and then automatically gain access to other applications or systems without having to log in again.
With SSO, users do not have to perform multiple logins to access different applications or systems. Instead, the user authenticates once with their credentials and then automatically gains access to other applications or systems connected to the SSO system.
SSO is usually achieved by using standards such as OAuth or SAML. The user’s identity information is securely transferred between the different applications or systems without the user having to disclose sensitive information such as passwords.
SSO offers several benefits, including improved usability and productivity as users spend less time logging into different applications or systems. In addition, security risks from using weak or stolen credentials can be reduced as SSO systems typically support strong authentication methods.
SmartMX
SmartMX is a technical term referring to a microcontroller technology designed for use in secure smart cards, contactless payment cards, eIDs (electronic identity cards), SIM (Subscriber Identity Module) cards and similar applications. The term “MX” stands for “multifunction chip”, as these microcontrollers combine a variety of security functions and applications in a single chip.
SmartMX chips are designed to provide highly secure data processing and storage to protect sensitive information such as private keys, authentication data, biometric data and other confidential information. These chips provide excellent security measures to ensure the integrity of stored data and protect against attacks such as skimming, cloning and other forms of fraud.
Most SmartMX chips comply with international security standards, such as Common Criteria certification (ISO/IEC 15408) or EMVCo certification for payment cards. This meets the high security requirements of the applications in which they are used.
SmartMX technology has a wide range of applications, from payment and identification solutions to access to secured buildings and e-government applications.
Technical encoding
Technical encoding of cards refers to the process of converting information on a plastic card into a machine-readable code that can be processed by card readers. Card encoding is an important step in the production of cards that can be used for various purposes such as identification, payment, access control and membership.
There are different types of encoding processes used in the technical encoding of cards, including magnetic stripe encoding, chip encoding and barcode encoding.
Chip encoding is used with smart cards. Here, the information is stored on a small microchip on the card and can be accessed by special readers.
The technical encoding of cards is an important step in the production of cards and ensures that the cards can be read and processed correctly by card readers and other devices.
TRW-Cards (Thermo-Rewrite-Cards / Method)
Thermal rewrite cards are a type of plastic card that can be used for printing and reprinting information multiple times. These cards contain a special thermal layer that, when exposed to heat, allows ink particles to be absorbed into the card. This process allows the card to be overwritten or rewritten several times with new information while retaining the previous information.
Thermal rewrite cards are commonly used for ID cards, membership cards and other types of cards that need to be updated frequently, such as event tickets or transport passes. They are also used for printing in environments where a high number of cards need to be printed quickly, such as at a concert or event.
The printing process for a thermal rewrite card typically involves the use of a thermal printer that applies heat to the thermal layer on the card, causing the ink particles to be absorbed into the card. The card can then be rewritten several times with new information as required.
Some thermal rewrite cards can be rewritten up to 100 times, while others can be rewritten up to 500 times. Card life may vary depending on the quality of the card, the type of thermal printer used and the frequency of use.
Trusted Identity
A Trusted Identity refers to a digital identity issued by trusted sources and accepted by other parties. It is a proof of identity that is considered secure and reliable and is usually based on a combination of personal characteristics, biometric data and other proofs of identity.
A Trusted Identity is typically used to conduct secure online transactions, including access to sensitive data, online purchases, banking transactions and other types of digital interactions. It is an essential element in cybersecurity and data protection as it ensures that a person is indeed who they say they are and that their identity has been verified through reliable and secure methods.
Trusted identities are usually issued and verified by accredited organisations such as government agencies, financial institutions or other trusted entities. They can also be strengthened by new technologies such as blockchain and digital certificates to further enhance the integrity and security of identity credentials.
WorkFlow Engine
A workflow engine is a software component used to automate and manage complex business processes or workflows. It is a type of software engine that controls and monitors the flow of tasks and activities in a process.
The workflow engine can trigger business rules and logic based on specific events, data or conditions to perform a task or complete a process step. The engine can also provide a user interface to allow users to track the progress of the process, assign and delegate tasks, or share documents and information.
Workflow engines are commonly used in businesses and organisations to improve the efficiency and quality of business processes by automating manual workflows and minimising errors. Workflow engines can be used in various industries and use cases, such as product development, project management, customer support, finance departments or human resources departments.