Overview

MIRACL Trust provides fast, simple, and secure password-free multi-factor authentication (MFA), prioritizing ease of use without compromising security. Available through web browsers and mobile applications, it is a versatile option for various use cases. The MIRACL Trust platform is designed for easy integration with existing systems, while also providing the flexibility to adapt to specific needs. This allows you to create the best authentication experience for your users.

With MIRACL Trust, you can do the following:

  • Authenticate users using a single-step, multi-factor protocol that requires only a four-digit PIN. MIRACL Trust enables quick and seamless authentication while maintaining strong security. The authentication protocol meets all regulatory standards for secure authentication.
  • Verify your users as your business requires. With MIRACL Trust, user verification is fully customisable to suit your business needs. It can include anything from email and document verification to biometrics or even offline document verification. Email verification is provided out of the box.
  • Reduce user authentication costs. MIRACL Trust eliminates the need for a password database, reducing the cost of maintaining and securing that database. Its PIN codes are easier to remember than passwords, lowering password reset costs. Additionally, no custom hardware is required, cutting down implementation and maintenance expenses.
  • Have a streamlined authentication flow. With MIRACL Trust, your users do not need to leave your website or mobile application to authenticate. They don’t need to type a complex secret or wait for an OTP to be received.
  • Integrate quickly and seamlessly. MIRACL Trust provides web and mobile SDKs that you can use for easy integration while maintaining full control.
  • Integrate using OpenID Connect with low-code integration. MIRACL Trust is an OpenID Connect (OIDC) Identity Provider, so integrating with any system that supports OIDC is a matter of configuration. The built-in user verification allows you to have a fully functional authentication system without writing a single line of code, with support for desktop, mobile and cross-device authentication.
  • Sign documents, transactions and actions. MIRACL Trust’s action authentication and signing allows a user to sign a message or action, which can be verified later to prove authentication of the action.

# Integration

MIRACL Trust allows you to seamlessly integrate its authentication capabilities into your web or mobile applications. It provides extensive APIs and flexible SDKs to ensure fast and simple integration. The available samples and low-code configuration further streamline the integration process.

| | Advanced Integration | Low-Code integration |
|---|---|---|
| Security | Client-managed¹ | Fully managed |
| Compliance | Meets all regulatory standards | Meets all regulatory standards |
| Customisation | Full | Limited |
| Integration | Using SDKs | Only configuration² |
| Browser Client | Client JS Library | MIRACL Trust PIN Pad |
| Mobile Client | Mobile SDK | MIRACL Trust Authenticator |
| User Experience | Seamless integration | Using the provided clients |
| User Verification | Email or Custom | Email or Custom |
| Digital Signing | Seamless integration | Using MIRACL Trust DVS Web Plugin |

# Authentication protocol

The MIRACL Trust authentication protocol is a secure identity verification method designed to enhance online security and user convenience. It uses a PIN-based, single-step, multi-factor, zero-knowledge proof protocol, requiring users to present two factors simultaneously for successful authentication. All factors are established directly on the user’s device and are never transmitted over the network.

The PIN acts as a knowledge factor and is discarded immediately after being selected during registration. It remains valid only on the enrolled device. The end user enters the PIN for every authentication.

Authentication requires an enrolled device and usually follows an identity verification process that establishes trust. Multiple enrolled devices are allowed, and cross-device authentication is available.

The secret used in the authentication protocol is established during the device registration process. The PIN chosen by the user is cryptographically subtracted from the secret, and then both the secret and the PIN are discarded. As a result of the subtraction of the PIN from the secret, a token is created and stored on the device. The token is the possession factor of the authentication protocol. During authentication, the token and PIN are cryptographically combined to recreate the secret, after which the secret is discarded again. The user can authenticate repeatedly until the device is revoked, either manually or automatically after three failed attempts. If a device is revoked, the user must undergo identity verification to re-enrol.

At its core, the platform utilises a multi-factor zero-knowledge authentication protocol called M-PIN. For information about it, see M-PIN Authentication Protocol.

For additional information, see Authentication.
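
The token and PIN split described above, as an added toy model (not MIRACL Trust code and not the M-PIN protocol itself): integers modulo a small prime and a Schnorr proof of knowledge stand in for M-PIN's cryptography. The names `register`, `prove`, `Server`, the server-issued `nonce` and the consecutive-failure counting are assumptions made for illustration.

```python
import hashlib
import secrets

def is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))

# Toy group (constructed): first safe prime P = 2Q + 1 whose Q exceeds every four-digit PIN.
Q = next(q for q in range(10_007, 20_000, 2) if is_prime(q) and is_prime(2 * q + 1))
P, G = 2 * Q + 1, 4  # 4 is a square mod P, so it generates the subgroup of order Q

def register(pin):
    """Registration: return (token stored on the device, public value stored by the server)."""
    secret = secrets.randbelow(Q - 1) + 1
    token = (secret - pin) % Q           # the PIN is subtracted from the secret
    return token, pow(G, secret, P)      # secret and PIN are dropped on return

def challenge(commitment, nonce):
    digest = hashlib.sha256(f"{commitment}|{nonce}".encode()).digest()
    return int.from_bytes(digest, "big") % (Q - 1) + 1   # never zero

def prove(token, pin, nonce):
    """Device: recombine token and PIN, prove knowledge of the result, keep nothing."""
    secret = (token + pin) % Q           # a wrong PIN gives a wrong value, with no local check
    k = secrets.randbelow(Q - 1) + 1
    commitment = pow(G, k, P)
    return commitment, (k + challenge(commitment, nonce) * secret) % Q

class Server:
    MAX_FAILURES = 3

    def __init__(self, public_value):
        self.public_value, self.failures, self.revoked = public_value, 0, False

    def verify(self, proof, nonce):
        """Check the proof against the public value only; revoke after three failures."""
        if self.revoked:
            return False
        commitment, response = proof
        c = challenge(commitment, nonce)
        ok = pow(G, response, P) == commitment * pow(self.public_value, c, P) % P
        self.failures = 0 if ok else self.failures + 1   # assumption: consecutive failures
        self.revoked = self.failures >= self.MAX_FAILURES
        return ok
```

In this model the device holds only the token and the server holds only a public value, so neither store contains the PIN or the secret, and a wrong PIN is detected only when the server rejects the proof.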

  1. Ensure that client-side security best practices are followed to mitigate potential vulnerabilities.

  2. OpenID Connect support is required.