SBI DigiTrust Chooses Authlete to Build its Infrastructure Solution for Financial Institutions

SBI DigiTrust establishes API authorization service that conforms to financial-grade API security standards

Authlete, Inc., a technology leader in API authorization, today announced that SBI DigiTrust Co., Ltd. (hereinafter SBI DigiTrust), a group company of SBI Holdings, Inc., has chosen Authlete to implement an API authorization service for SBI DigiTrust’s Trust Idiom®, which enables authentication and authorization infrastructure for financial institutions.

With Authlete, SBI DigiTrust enables implementations of its API authorization service that conform to open standards in financial-grade API security quickly and securely.

“It is inevitable for service providers to adopt industry standards of FAPI and CIBA to establish a new service with financial APIs at its core,” said Fernando Luis Vázquez Cao, the representative of SBI DigiTrust. “We chose Authlete because of its strong support of the standards, deployment architecture that makes integration with our service infrastructure easier, and high level of expertise in OAuth 2.0 (OAuth) and OpenID Connect (OIDC) technology.”

Authlete provides a complete set of Web APIs to implement OAuth/OIDC servers, essential for API security. With Authlete, customers are freely able to design and implement their own OAuth/OIDC servers using their choice of programming languages as well as application frameworks. A broad range of customers including banking, insurance, healthcare, education, IoT etc. have chosen Authlete as a foundation of the identity federation and/or API authorization functions.

In financial services industry, Authlete is one of the leaders of financial API security by providing the industry-first implementations of FAPI and CIBA and gaining the FAPI certification that is run by OpenID Foundation. As the OAuth/OIDC enabler, we will be continuing to contribute the API ecosystem with the “developer-first” solution for service providers which require high level of API security.

---

*(1) FAPI (Financial-grade API)

FAPI is a set of security profiles that aim to prevent unauthorized API access e.g., fraudulent acquisition and use of access tokens, by extending OAuth/OIDC. It is expected to be adopted by industries such as financials, where higher security measures are required. Banks can take advantage of the standard to provide open APIs to third parties like Fintechs in a secure manner.

*(2) CIBA (Client Initiated Backchannel Authentication)

CIBA is a new user authentication and API authorization flow in addition to existing OAuth/OIDC ones. A device initiating the flow and another one used for user authentication and authorization are separated so that customer-centric APIs can be applicable for broad use cases from smart appliances, call centers, to user authentication using smartphones. In financial services industry, the specification is expected to extend applications of open APIs.

About Authlete

Authlete, Inc. provides a cloud-based service and on-premise software to support implementing OAuth 2.0 and OpenID Connect, which are essential standards for secure Web APIs. It has a broad range of customers worldwide, such as financial institutions, IoT, healthcare, public sectors. The company was established by Takahiko Kawasaki et al. in 2015. https://www.authlete.com

About SBI DigiTrust

SBI DigiTrust is a joint venture company established between SBI Security Solutions and NEC, striving to develop solutions for financial institutions, etc. The solutions include the sophistication of AML/CFT, advocated by the FATF, KYC and next-generation authentication. By leveraging SBI Security Solutions’ global cyber security expertise and NEC’s advanced technologies such as biometric authentication, AI and security, the company will contribute to the advancement of financial services. https://sbidigitrust.com