Glossary for DS for Mobile
This document organizes the terms related to DS for Mobile.
MFA
**Multi-Factor Authentication (MFA)** is a method that enhances security by requiring two or more different authentication methods when the user logs into the system.
- MFA is usually used by combining two or more of the following three categories.
| Authentication Factor Type | Example |
|---|---|
| Ownership-based (Something you have) | OTP app, mobile phone, security token |
| Knowledge-based (Something you know) | Password, PIN, secret question |
| Based on unique characteristics (Something you are) | Biometric information such as fingerprints, face (Face ID), and iris |
MIP
**Microsoft Information Protection (MIP)** is an integrated information protection framework provided by Microsoft that protects important information such as documents and emails through classification, labeling, encryption, and access control.
You can apply consistent security policies across the Microsoft 365 and Azure environments, enabling the secure use of sensitive information regardless of user and location.
- MIP Core Features
| Function | Description |
|---|---|
| Classification | Automatically or manually classify documents based on sensitivity (e.g., "Confidential", "Internal", "Public") |
| Labeling | Display security label at the top of the document based on classification results |
| Encryption | Restrict access permissions and apply encryption to sensitive documents |
| User Access Control | Control read/edit/copy/transfer permissions on a per-user basis |
| Activity Tracking | Track document viewing/editing history and leak attempts |
DRM
**Digital Rights Management (DRM)** is a technology that prevents illegal copying and distribution of digital content such as documents, videos, and music, and controls usage rights.
- DRM Core Features
| Function | Description |
|---|---|
| Encryption | Encrypt content so that only authorized users can access it. |
| Access Control | Restrict permissions in detail for viewing, printing, copying, modifying, capturing, etc. |
| Setting Expiration Date | Set a viewing period or enable automatic document destruction. |
| User Tracking | Log records of who accessed the document, when, and where. |
| Leak Prevention | Includes warning, restriction, or automatic deletion features when exporting externally |
SSO
**Single Sign-On (SSO)** is an authentication method that allows access to multiple systems or services with a single login. Users can access various applications or platforms without additional login processes by entering only one set of account information (ID/PW).
- Features
  - One authentication → Automatic login to multiple services
  - Typically, a central authentication server (e.g., SHIELD ID, OAuth, SAML, etc.) verifies the user's identity.
  - Each service determines authentication status by receiving an authentication token or session information.

| Category | Advantages | Disadvantages |
|---|---|---|
| Accessibility | Access to multiple services with a single login | All services become inaccessible if the central authentication server fails. |
| Security | The authentication system is centralized, which unifies policy and eases management. | If one account is leaked, all services can be accessed. |
| Convenience | Reduces user password fatigue and improves UX | Logout handling is difficult: in some services, the login may be maintained. |
| Operation | Efficient account/permission management; audit logs can be integrated | Integration with various systems adds implementation complexity. |