MIRACL Technologies Limited

MIRACL Trust® ID

Use MIRACL Trust® ID to deploy secure Multi Factor Authentication (MFA, 2FA, 2+FA). A PIN code replaces the Username/Password, eliminating GDPR risk and meeting PSD2 SCA dynamic linking requirements. More secure than SMS 2-step, much cheaper and no user frustration. Mobile and Desktop friendly SaaS/Cloud integrates to any IAM platform.

Features

  • Strong Multi Factor Authentication (MFA, 2FA, 2+FA) as a service
  • Inexpensive PAYG SaaS contract with no termination notice
  • No Username/Password database, no sensitive information transmitted
  • Standards based API/SDK allows cross platform, OS independent deployment
  • Federate/offload authentication with OIDC, SAML2.0, ADFS and RADIUS
  • SAML2.0 solution allows IdP and SP initiated SSO authentication
  • Hands-off access to second device browser session via Mobile App
  • Dynamically revoke and refresh user secrets without disrupting users
  • Python, Django, NodeJS, Ruby, PHP, Java, .NET and more supported

Benefits

  • Enhance authentication security whilst improving usability
  • Meet the Strong Customer Authentication (SCA) requirements of PSD2
  • Improve User Experience (UX) reducing user churn and increasing retention
  • Reduce GDPR and Brand risks from credential hacking
  • Replace SMS two step authentication and reduce costs
  • Embed in any modern web browser/mobile app
  • Eliminate Username / Password databases
  • Zero-knowledge proof protocol = no sensitive information transmitted
  • No know practical/theoretical attacks against identity-based elliptic curve cryptography
  • Every user-device has cryptographic secret allowing dynamic linking and signing

Pricing

£0.005 to £0.05 per transaction

Service documents

Framework

G-Cloud 11

Service ID

7 6 1 1 3 5 9 3 1 4 7 9 5 4 0

Contact

MIRACL Technologies Limited

Michael Tanaka

+44 (0) 20 8191 9264

michael.tanaka@miracl.com

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Although the MIRACL Trust ID service can operate independently, it can also be integrated to Identity Access Management (IAM) platforms and link to many Single Sign On (SSO) systems.
Cloud deployment model
  • Public cloud
  • Private cloud
  • Hybrid cloud
Service constraints
No constraints in regards to cloud Authentication and Digital Signing, which is provisioned as a service with 99.95% or better up-time. Private Cloud, Hybrid Cloud or On-Premise installations subject to final specification of customer. Federation of user authentication should be done via established standards such as OIDC.
System requirements
  • MIRACL Trust ID subject to integrating the APIs and SDKs
  • Mobile app minimum version requirements: iOS 8 and Android 4.1
  • Software-only solution requiring neither a dongle nor a smartphone
  • Supports all major browsers with a consistent interface cross platform

User support

Email or online ticketing support
Email or online ticketing
Support response times
Will vary depending on the service level a client qualifies for/opts for.
The basic service offers core business hours and limited out of hours whilst the premium plus service offers a 24/7 service.
User can manage status and priority of support tickets
No
Phone support
Yes
Phone support availability
24 hours, 7 days a week
Web chat support
No
Onsite support
Yes, at extra cost
Support levels
We offer 3 levels of support:

1) A basic free service - core business hours and limited out of hours
2) A premium service - 24/7 standard service and shared account manager
3) A premium + service - 24/7 customer defined service and dedicated account manager

The level of service offered will depend on size of client (number of transactions). Clients can opt to upgrade service for a cost.
Support available to third parties
Yes

Onboarding and offboarding

Getting started
User documentation is provided and onsite training depending on client size/whether required,

The MIRACL Trust Platform utilizes a distributed cryptography scheme to ensure high security for its key-generation and authentication services. The scheme incorporates two or more Distributed Trusted Authority (D-TA) servers, which are the core of MIRACL’s distributed cryptosystem. For a typical hosted service, MIRACL provides two physically and geographically separated D-TAs for each partner. In some cases though, it is a requirement for a partner to self-host one of the D-TAs, in which case MIRACL provides an On-Premise D-TA which can be installed on the partner’s premises and hooked up to the MIRACL Trust Platform. MIRACL provides documentation to describe how to setup such an On-Premise D-TA on Windows-based servers.
Service documentation
Yes
Documentation formats
HTML
End-of-contract data extraction
N/A Service engineered to avoid GDPR risk associated with client data. No data stored of any value to customer or end-client.
End-of-contract process
SaaS offering based on PAYG invoicing with no contract notice period.

On Premise, Hybrid Cloud and Private Cloud usually 12 -36 month contract 30 day notice prior to automatic contract rollover.

Using the service

Web browser interface
Yes
Supported browsers
  • Internet Explorer 7
  • Internet Explorer 8
  • Internet Explorer 9
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
  • Opera
Application to install
No
Designed for use on mobile devices
Yes
Differences between the mobile and desktop service
Service Provider as Customer - all functions are customised from a browser. As an enterprise service we do not recommend configuring service from a mobile device.

End-User as Customer - MIRACL's M-Pin is cross platform and almost all primary functions are identical. Mobile apps can support additional functions such as daisy-chaining enrolment of devices and remotely authenticating an unsecure desktop
Service interface
Yes
Description of service interface
Service Provider Customer - all functions are customised from a browser. Users can monitor authentication/signing activity and set up new points of authentication on websites and mobile apps.

End-User as Customer - MIRACL's M-Pin authentication is as easy as entering a 4-6 digit PIN code to gain access to the protected service. Setting up new users is default by email verification but can be any process the service provider requires. All functions and features are managed on one page.
Accessibility standards
None or don’t know
Description of accessibility
Service Provider as Customer - service accessed via a browser based portal with limited graphics, no visual or audio media, use of colour or animations.

End-User as Customer - service providers have a great deal of flexibility how they integrate the service and expose it to the end clients. So they can determine the accessibility of the system taking into account platform and form of delivery.
Accessibility testing
Service Provider as Customer - we have tested with various screen readers, screen magnifiers, speech input, alternative input devices and text to speech. As a browser based portal, most assistive technologies are of some use.

End-User as Customer - service providers have a great deal of flexibility how they integrate the service and expose it to the end clients. So they can determine the accessibility of the system taking into account platform and form of delivery.
API
Yes
What users can and can't do using the API
APIs and SDKs can be used to enrol users, authenticate users to controlled services, authenticate users to multiple services (Single Sign On), irrefutably sign actions/transactions/documents and monitor all actions taken by the end-user, all services are cross-platform and delivered to the End-User via browsers or custom-built applications.

Our APIs and SDKs support open standards such as (but not limited to) SAML, OIDC, ADFS and RADIUS. We support Python, Django, NodeJS, Ruby, PHP, Go, Java, .NET and many other languages with our own SDKs and numerous additional languages using open source clients.
API documentation
Yes
API documentation formats
Other
API sandbox or test environment
No
Customisation available
Yes
Description of customisation
Users have a high degree of customisation capability given service is provisioned via APIs and SDKs. Customer has full control over User Flows for Authentication, Enrolment and Digital Signing, any service provisioned screens such M-Pin (pin entry screen) can be customised to include customer branding. Private Cloud, Hybrid Cloud and on-premise installation subject to final specification of customer and gives even more detailed control over the operation of the underlying service such as the distribution and revocation of cryptographic secrets.

Scaling

Independence of resources
Predictive auto-scaling

Analytics

Service usage metrics
Yes
Metrics types
We track all events and the metrics we provide are number of authentications by day, month, year, geographic region etc.
Reporting types
  • API access
  • Real-time dashboards

Resellers

Supplier type
Not a reseller

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Security Clearance (SC)

Asset protection

Knowledge of data storage and processing locations
Yes
Data storage and processing locations
European Economic Area (EEA)
User control over data storage and processing locations
No
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
Encryption of all physical media
Data sanitisation process
Yes
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
Data can be fetched trough the API or in CSV from the portal.
Data export formats
  • CSV
  • Other
Data import formats
Other

Data-in-transit protection

Data protection between buyer and supplier networks
Other
Other protection between networks
We don't access buyers' data! It comes to portal access, web login access and API access - TLS 1.3.
Data protection within supplier network
Other
Other protection within supplier network
We have implemented Googles BeyondCorp which means we don't have internal network that gives you access to everything. We have strong authentication to each service and VPN for sensitive infrastructure used only for administrative actions - not day to day work. Those VPNs are also protected with two factor authentication through our own service.

Availability and resilience

Guaranteed availability
If the availability of MIRACL Services for a given month is less than the applicable Uptime Commitment, Licensor will provide Partner with a credit of the Fees paid for the affected MIRACL Services for such month as follows:

4.1.1. Availability less than Uptime Commitment but at least 99.5%: 5% credit
4.1.2. Availability less than 99.5% but at least 99%: 10% credit
4.1.3. Availability less than 99% but at least 97.5%: 35% credit
4.1.4. Availability less than 97.5%: 100% credit
4.2. In the event Partner is not current in its payment obligations when an outage occurs, remedies will accrue, but credits will not be issued until payment obligations are up to date.
4.3. To receive service credits, Partner must submit a written request to billing@MIRACL.com, within 30 days after the end of the month in which the MIRACL Services failed to meet the Uptime Commitment, or the right to receive credits with respect to such unavailability will be waived.
Approach to resilience
Multiple interchangeable nodes distributed in multiple zones in single data-center.
Outage reporting
We have a metrics service which provides alerts.

Identity and authentication

User authentication needed
Yes
User authentication
2-factor authentication
Access restrictions in management interfaces and support channels
All access secured by strong 2 Factor Authentication (2FA) associated to each unique User-AccessPoint combination. Where an AccessPoint is a specific Browser-Device, Mobile etc.

Full, real time, configuration of user roles determined on a per-user basis by admin user. Ability to inactive users or enable/disable access to individual functions and groups of functions.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Other
Description of management access authentication
2-Factor Authentication tied to each User-AccessPoint combination.  Where an AccessPoint is a specific Browser-Device, Mobile etc. This enables customer to know who initiated and how they initiated access.

Service provided with  MIRACL Trust ID meaning there are no additional charges associated with adding management users or access points.

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
At least 12 months
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
At least 12 months
How long system logs are stored for
At least 12 months

Standards and certifications

ISO/IEC 27001 certification
No
ISO 28000:2007 certification
No
CSA STAR certification
No
PCI certification
No
Other security certifications
No

Security governance

Named board-level person responsible for service security
Yes
Security governance certified
Yes
Security governance standards
Other
Other security governance standards
We are Cyber Essentials certified and take a risk based approach to security governance. Currently we are implementing further policies and procedures that align with ISO27001/CSA CCM with a view to get the respective certification.
Information security policies and processes
We have a Security Policy and carry out regular risk assessment to then manage the identified risks. We also carry out internal audits that lead to continual improvement with corrective and preventative actions. Internal audits help in ensuring policies are followed. Information Security is a priority of the Company Board with regular reports being produced to keep it up to date. All reporting is done to the Information Security Officer who then reports to Company Leadership.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
We follow all the good practices both for software development and for infrastructure. We aim for everything as code (software, infrastructure, policies) approach which gives us couple of very important features of the process:
- Each change is reviewed by at least 2 people before it is accepted.
- Audit log of all changes both code or infrastructure (infrastructure is built with code).
- We can version state of the system and revert if needed.
- We can do proper Continuous Integration and Continuous Delivery (CI/CD).
Vulnerability management type
Undisclosed
Vulnerability management approach
We aim at limiting the surface that's managed by us and could be potentially vulnerable and can apply patches in mater of hours.
Protective monitoring type
Undisclosed
Protective monitoring approach
The system generates reporting information on a daily basis. Any unusual activity will result in a SAR (suspicious activity report) going to the COO.

An investigation (typically within hours) will occur.

User ID's, if a compromise is suspected, will be blocked pending further investigation.
Incident management type
Supplier-defined controls
Incident management approach
The user will report the service issue via email, or on the user portal. The incident will be logged in our incident management system.

The user will be notified by email of actions or progress made towards resolution of the incident.

Priority will be given to :
- Ensuring the service is not compromised
- Then ensuring the user is capable of accessing the service
- Finally determining the root cause analysis of the incident

No pre-determined processes exist at present, as production incidents are negligible. We will monitor for patterns and create process as appropriate.

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks
No

Pricing

Price
£0.005 to £0.05 per transaction
Discount for educational organisations
Yes
Free trial available
Yes
Description of free trial
The first 100 transactions a month are free
Link to free trial
https://trust.miracl.cloud/get-started

Service documents

Return to top ↑