Security and Identity Reference Architecture For Digital Banking
Zero-Trust Frameworks and Biometric Orchestration
Security in digital banking must be intrinsic, not an afterthought. This document outlines a Zero-Trust Architecture in which no user or service is trusted by default, whether it is inside or outside the network.
The architecture integrates Identity and Access Management (IAM) with FIDO2-compliant biometrics (Face ID, fingerprint) and hardware-based security keys. It also details the "Confidential Computing" layer, where sensitive transaction data is encrypted not just at rest and in transit, but also while "in use" in CPU memory.
