EDITOR: | June 25th, 2013

Eradicate passwords, get two-factor authentication for free


June 25, 2013 (Source: PR Newswire) — M-Pin™ Strong Authentication System is finally available! Nearly a year after CertiVox introduced the M-Pin™ Protocol, it’s now available for any ISP, enterprise or SaaS solution provider to integrate into their environment. With both a free and enterprise tier of the M-Pin Managed Service, accessing M-Pin is in the reach of any size organization.

M-Pin™ Strong Authentication System enables true two-factor authentication for web sites and applications, based on the open source M-Pin™ Authentication Server and M-Pin™ Managed Service. The M-Pin™ Managed Service is a highly available, fault tolerant software as a service that issues cryptographic secrets to M-Pin™ Authentication Servers and Clients. The M-Pin™ Authentication Server uses just one leak-proof cryptographic key, and can’t reveal any information about your users such as identity or login details, even if the key is compromised. The M-Pin Client is just an HTML5 browser, so developers can easily integrate M-Pin into their websites and applications, enabling frictionless two-factor authentication while at the same time, removing all username / password vulnerabilities – by removing the username / password database!

M-Pin, at once, enables developers to eradicate passwords, get two-factor authentication and a better user experience, for free.

CertiVox, up to this point, has been known as the company behind the MIRACL (Multiprecision Integer and Rational Arithmetic Cryptographic Library) open source SDK, and MIRACL is the genesis of M-Pin.

As you know, today’s Internet security requires strong cryptography. Take online eCommerce, the most obvious beneficiary of strong cryptography. Since a hacker can theoretically make large amounts of money in a short amount of time hacking an eCommerce site, the motive for robbery is proportionally large as well. That’s why modern cryptography has to be bulletproof.

Modern cryptography depends largely on what is known as a “One Way Function” – a calculation easy to perform in one direction but impossible to perform in the other. The optimal algorithms that need to be implemented correctly are among the most complex in all of mathematics. Great care and expertise are required. MIRACL is known for having a range and depth of support for number theoretic cryptography, including the very recently discovered methods based on bilinear pairings.

Not surprisingly, these algorithms can be slow to compute. For maximum efficiency, assembly language patches are required to alleviate computational bottlenecks that arise. This requires specialized code that needs to be written for every different computer architecture. This is exactly what we provide with MIRACL. You can think of CertiVox’s expertise as “hot rodding” this specialized number theoretical cryptography.

That’s why MIRACL, and the solutions and services built using it, are in use in hundreds of organizations across the world, including BAE Systems, Hitachi, Intel, Panasonic, Toyota and many others. In other words, if you are employing strong elliptic curve cryptography in an embedded radio controller, or thermostat, or vehicular system with an 8-bit micro-controller, we’re the team you want onside. The cryptographers at CertiVox love that kind of challenge.

What’s this got to do with M-Pin? First, modern browsers are hobbled with JavaScript engines that are in no way built for modern cryptography, much less bilinear pairing crypto. In a modern browser, you have the ultimate constrained, and inappropriate, environment from which to run strong crypto.

Could we have met our match? Not really. For us, JavaScript / HTML5 is just another low powered, insecure computing environment we needed to master. So we employed a variety of new innovations, including CertiVox’s patented techniques such as offloading computationally intensive tasks in the browser to untrusted processors, i.e., your M-Pin Server. You can think of this as a “pairing assist”, and it’s just one of the techniques we had to put into the M-Pin Protocol to make it work efficiently across a range of HTML5-enabled browsers.

There’s a lot more to explain about the technology under the hood that Dr. Michael Scott and other CertiVox staff members will go into on other blog posts, as we will no doubt have to. The M-Pin™ Strong Authentication System is such an upgrade in user experience that it would be understandable to think that the mechanics of the M-Pin Protocol are simple as well. But make no mistake, M-Pin is a complex, state of the art protocol, albeit one that has been peer reviewed for well over a decade. The true innovation is that this complexity is hidden from the end users and administrators of the M-Pin System. The M-Pin Client UI is simply an ATM style pin pad in an HTML5 browser. The M-Pin Server contains just one cryptographic key, with no state to maintain or complex workflows.

CertiVox has made the source code for the M-Pin Server, and all relying party libraries, available on GitHub under the permissive BSD license. We took this decision for a number of reasons. First, we believe passionately in the open source ethos. Second, we did this so anyone can review the inner workings of the M-Pin Protocol at the deepest level. We understand M-Pin is a paradigm shift, and that the claims it makes will demand investigation, as well it should. Lastly, we did this so that any developer can integrate, adopt and modify the M-Pin code at will to fit their requirements.

We hope that M-Pin will be adopted by the developer community, and that two-factor authentication, eradicating the username / password database, and a better user experience can be a benefit to organizations where this level of strong security and innovation wasn’t within reach previously.

The people at CertiVox are encouraged that M-Pin continues to be adopted and integrated with first rate solutions like Parallels Automation, the largest cloud orchestration solution in the market today.

In future blog posts, we will cover the inner workings of the M-Pin™ Protocol, the ease of integrations with your favorite web apps, and what’s next on the M-Pin roadmap. In the interim, we invite you to download the M-Pin Authentication Server and see for yourself what M-Pin can do for you.


