Glossary
BlokSec terms
BlokCode
QR code-based authentication. The user scans a QR code displayed on the login screen using the BlokSec app, then enters their PIN to complete the sign-in. The QR code contains an encrypted key that, combined with a server-held salt and the user’s PIN, enables a cryptographic signature that proves the user’s identity.
BlokKey
Push notification-based authentication. When a user tries to sign in, BlokSec sends a push notification to their registered device. The user taps the notification and approves or denies the sign-in request.
BlokBadge
Proximity-based authentication using a printed or displayed QR code that represents a user’s identity. Designed for shared workstations and kiosk scenarios where a user taps or scans their personal badge to authenticate.
Account
A user’s relationship to a specific organization (tenant). One user can have multiple accounts if they belong to multiple organizations. Each account has its own cryptographic keys derived from the user’s master seed.
Application
An SSO-enabled service configured in the BlokSec admin console. Each application uses one protocol (OIDC, SAML, or WS-Federation) and has its own configuration, branding, and user assignments.
Tenant / Client
An organization using BlokSec. Each tenant has its own admin console, users, applications, and branding. Tenants are fully isolated from each other.
Industry standards
DID (Decentralized Identifier)
A globally unique identifier that BlokSec generates for each user and application. DIDs are derived from cryptographic keys and don’t depend on a central authority. BlokSec uses DIDs as the primary identity anchor for users and applications.
OIDC (OpenID Connect)
An authentication protocol built on top of OAuth 2.0. OIDC adds an identity layer that lets applications verify a user’s identity and obtain basic profile information. BlokSec acts as an OIDC Provider (OP), issuing ID tokens and access tokens to relying party applications.
SAML (Security Assertion Markup Language)
An XML-based authentication protocol commonly used in enterprise SSO. BlokSec acts as a SAML Identity Provider (IdP), generating signed SAML assertions that Service Providers (SPs) use to authenticate users.
WS-Federation
A web services authentication protocol used primarily with Microsoft products like Azure AD and Office 365. BlokSec supports WS-Federation passive sign-in for integration with Azure AD federated domains.
PKCE (Proof Key for Code Exchange)
A security extension to the OAuth 2.0 authorization code flow that prevents authorization code interception attacks. BlokSec requires PKCE (S256 method) for public clients like single-page applications.