Glossary
This document is a compilation of terms related to DS for Mobile.
MFA
**Multi-Factor Authentication (MFA)**When the user logs into the system,\
It is a method that enhances security by requiring two or more different authentication methods.
- MFAis usually used by combining two or more of the following three categories.
| Authentication Element Types | example |
|---|---|
| Ownership-based (Something you have) | OTP app, mobile phone, security token |
| Knowledge Base (Something you know) | Password, PIN, Security question |
| Based on Unique Characteristics (Something you are) | Biometric information such as fingerprints, face (Face ID), and iris. |
MIP
**Microsoft Information Protection(MIP)**is an integrated information protection framework provided by Microsoft,
Supports information protection through classification, labeling, encryption, and access control for important information such as documents and emails.
You can apply consistent security policies across the entire Microsoft 365 and Azure environments, and
Enables the secure use of sensitive information regardless of the user and location.
- - IPCore Features
| Function | Description |
|---|---|
| Classification | Automatically or manually classify documents based on sensitivity (e.g., "Confidential", "Internal", "Public") |
| Labeling | Display security label at the top of the document based on classification results |
| Encryption | Restrict access permissions and apply encryption to sensitive documents |
| User Access Control | Control read/edit/copy/share permissions by user |
| Activity Tracking | Document viewing/editing history and tracking of leakage attempts possible |
DRM
**Digital Rights Management (DRM)**It is a technology to prevent illegal copying and distribution of digital content such as documents, videos, and music, and to control usage rights.
- DRMCore Features
| Function | Description |
|---|---|
| Encryption | Encrypt content so that only authorized users can access it. |
| Access Control | Restrict permissions in detail for viewing, printing, copying, modifying, capturing, etc. |
| Setting Expiration Date | Set the accessible period or enable automatic document destruction. |
| User Tracking | Log records of who accessed the document, when, and where. |
| Leak Prevention | Includes warning, restriction, or automatic deletion features when exporting externally |
SSO
SSOSingle Sign-On is an authentication method that allows access to multiple systems or services with a single login. Users can access various applications or platforms without additional login processes by entering only one set of account information (ID/PW).
- Features
-
Single authentication → Automatic login to multiple services
-
Typically, a central authentication server (e.g., SHIELD ID, OAuth, SAML, etc.) verifies the user's identity.
-
Each service determines authentication status by receiving an authentication token or session information.
-
| Division | Advantages | Disadvantages |
|---|---|---|
| Accessibility | Access to multiple services with a single login | Inaccessible to all services in case of central authentication server failure |
| Security | The authentication system is centralized for policy unification and ease of management. | If one account is leaked, access to all services is possible. |
| Convenience | Reduction of user password fatigue, enhancement of UX | Logout processing difficulties – in some services, the login may be maintained. |
| Operation | Efficiency of account/permission management, integration of audit logs possible | Implementation complexity exists when integrating with various systems. |