LONDON, UK, 20 June 2013 - CertiVox, a leading provider of web 2.0 security services, today announced the launch of the M-Pin™ Strong Authentication System, the first open source, multi-factor authentication system based on proven elliptic curve cryptography, for web, cloud and mobile applications which will reduce authentication costs by up to 93% and banish username and passwords forever. The M-Pin System achieves this by turning any HTML5 browser into a strong authentication client that authenticates to the open-source M-Pin Server, which only stores one leak-proof cryptographic key, replacing the username / password database.

The M-Pin solution works like the security in an ATM: enterprises recognise users through a cryptographic key agreement, which users participate in by using a physical token saved in their browser (like the magnetic strip on your Visa card) and a PIN number (which end users choose and memorize). Just like in an ATM machine, the pin and data on the magnetic stripe (i.e., data in the browser) are combined locally to create a parameter, which is used to drive a cryptographic key agreement protocol, vetting the user’s identity with strong cryptography. Developers and service providers can secure themselves and their customers against username / password database smash and grab attacks; by removing the username / password databases full stop. The M-Pin Authentication Server, run by the enterprise or service providers, contains just one leak proof cryptographic key; if compromised, it reveals no details about end users on the system.

CertiVox has released the free Linux based M-Pin Authentication Server, HTML5 web and M-Pin Relying Party Libraries for developers so M-Pin Strong Authentication can be integrated with any web application, Single Sign On (SSO) or Identity Management (IdM) solution in use in less than an hour by connecting to an M-Pin Server instance. Additionally, the M-Pin C Client Library can be used to embed the M-Pin Protocol in any software application, and enables multiple factors of authentication to be utilised such as biometrics.

Brian Spector, CEO, CertiVox, said: "M-Pin is a game changer in the authentication industry, a true alternative to username / password authentication that scales for the web. M-Pin is an open source multi-factor authentication system that can be deployed in minutes at a fraction of the cost of existing solutions while offering a degree of security greater than many existing solutions that cost an order of magnitude more. M-Pin is the only open source authentication solution that removes the threat vulnerability of username / passwords at the client and server level and replaces it with two-factor authentication based on a strong cryptographic protocol built for tomorrow’s internet."

Parallels, a key partner of CertiVox, will use M-Pin as the default strong authentication provider for Parallels Automation. "CertiVox M-Pin technology enables Parallels service providers to offer secure multi-factor authentication and credential protection for cloud service offerings, said Alex Danyluk, senior director, Automation Marketing, Parallels. "This helps enable SMBs to have secure access to a wide variety of APS enabled ISVs."

Javvad Malik Senior Analyst at 451 Group commented "With the removal of Usernames and Passwords and replacing these with an ATM machine style PIN for HTML browsers; CertiVox brings strong authentication whilst simplifying the user interface. With its open source M-Pin Strong Authentication Server, we are encouraged to see CertiVox placing its trust in the developer community, seeking to address a pertinent security challenge."


About CertiVoxCertiVox is a leading web security company that provides authentication and encryption-based SaaS (software as a service) solutions to government, enterprises and individuals. For more information, visit www.CertiVox.com
Contact Name:
Marc Duke
Marketing Communications
Contact Email:
click to reveal e-mail
Contact Phone:
Company Website: