| Access Token | These token allows internet users to access applications, services, websites, and application programming interfaces (APIs) without having to enter their login credentials each time they visit. |
| Activation | Process to activate a user account in a KOBIL Secured App on a Device. |
| Activation OTP | One Time Password sent in Activation process via a second channel (e.g. EMail) to the user. |
| AST Client | The activated user account in a KOBIL Secured App. If a user activates his account on multiple Devices, multiple AST Clients are created. |
| AST Properties | Property values bound to user account or AST Client, stored and transported securely via Security Server. |
| AST Services | Security Server in KOBIL Shift based environments. |
| Client Monitoring | Service to collect and visualize error data (e.g. crash reports, logical errors) and performance analyzing data of apps. KOBIL recommends to use Sentry.io, available as external cloud service or on-premises. |
| Device | The smartphone of a user, where a KOBIL Secured App is installed. |
| KOBIL Digitanium | KOBIL Secured environment using SSMS on server side. |
| KOBIL Digitanium+ | KOBIL Secured environment using KOBIL IDP and SSMS on server side. |
| IDP-Token Login with AST Services | Login mode in KOBIL Shift or KOBIL Shift Lite based environments. |
| IDP-Token Login with SSMS | Login mode in Digitanium+ based environments. |
| KOBIL IDP (aka Identity Provider) | Identity Provider based on Keycloak, extended with KOBIL Security and connected to Security Server, so only proven user devices get access to the system. It provides User authentication for Single-Sign-On for all KOBIL services, Step-up User onboarding with increasing trust levels, user consent management and user self service. |
| KOBIL Portal | Role based Web UI for manage and monitor a KOBIL Shift environment. Not used for KOBIL Digitanium or KOBIL Digitanium+, here Web UI of KOBIL IDP and SSMS is used. |
| KOBIL Security (aka KOBIL Secured) | Different client and server side techniques to protect users identity and it's data against (e.g. KOBIL Hardening shields the app against other apps, device binding, app integrity checks, PKI, obfuscation). |
| KOBIL Secured App | Apps using MC and MCW to benefit from KOBIL Security. |
| KOBIL Shift | KOBIL Secured environment using KOBIL IDP, AST Services, SCP Notifier and services on server side. In addition to KOBIL Shift Lite it also allows features for KOBIL SuperApp that are not supported with MC SDK like KOBIL MiniApp, KOBIL Connect (Chat, PDF Document Signing) and KOBIL Pay. |
| KOBIL Shift Lite | Minimal set of services to support all MC SDK features like KOBIL Security, KOBIL Transaction Signature and KOBIL Trusted WebView. |
| KOBIL Transaction Signature (aka TMS) | PKI-based transaction authorization solution. |
| KOBIL Trusted WebView (aka TWV) | Software stack to add additional security WebView inside a KOBIL Secured App, e.g. SSL/TLS certificate pinning. |
| Login | Process to login with an already activates user account. |
| Maverick | Development name of AST Services. |
| MC (aka MasterController) | Easy to use software development kit that allows the app to communicate with Digitanium, Digitanium+ or KOBIL Shift services in a secure manner. MC and all of it's sub components are written in C++. |
| MCW (aka MC-Wrapper) | API wrapper to access MC API written in C++ by apps written in iOS-Swift, iOS-Objective-C, Android-Kotlin or Android-Java. |
| MC SDK (aka MasterController SDK) | SDK package (MC and MCW), documentation and GettingStartedApps for external developer that wants to write KOBIL Digitanium, KOBIL Digitanium+ or KOBIL Shift Lite apps for iOS-Swift, iOS-Objective-C, Android-Kotlin or Android-Java. |
| Offline Token | Offline Tokens are a kind of longliving refresh token, they are used to request new Access Token and Refresh Token. |
| Pin Login with SSMS (aka 'Classic AST Login') | Login mode in Digitanium based environments. |
| Push Notification Token | Token created for an app installation, sent via MC and SSMS or SCP Notifier, so push notifications can be sent via push notification provider. |
| Refresh Token | Token to request new Access Token. |
| Registration | Process to create a user account for a user. |
| SCP Notifier | Service for KOBIL Shift to send push notifications via push notification provider (Apple's APNs, Google's FCM or Huawei's HPK) to Devices. |
| Security Server | Server side of KOBIL Security that manages and protects KOBIL Secured Apps, user identity and user data. It's included in process to create IDP-Token. |
| SSMS | Security Server and push notification service in KOBIL Digitanium or KOBIL Digitanium+ based environments. |
| Tenant | The users in our environment can be managed in separate groups where each group can be managed by their own administrator(s) - the tenant - and each group can have their own group specific apps. KOBIL Digitanium or KOBIL Digitanium+ based environments have a master tenant which can manage all the other tenants, while the Shift services provide tenants which are independant from each other. |
| Telemetry | Service to collect and visualize distributes traces of different client and server services, e.g. stored in Jaeger installation and visualized with Grafana installation. The data is used to visualize how user requests flow across services (including latency times). |