MIRACL Trust® Multi-Factor Authentication is a cloud-based MFA service designed for web and mobile applications, with a focus on PSD2 Strong Customer Authentication (SCA) compliance for financial services organizations. Authentication mechanism: - Uses the M-Pin Zero-Knowledge Protocol (ISO/IEC approved), enabling users to prove knowledge of a secret without revealing it - Employs pairing-based elliptic curve cryptography - Issues incomplete software tokens to user browsers or mobile apps during registration; no token alone reveals identity or system information Credential handling: - No authentication credentials are transmitted in whole form across any network - No security-related information is stored on MIRACL's servers or the customer's servers - Eliminates single points of compromise through distributed trust: two autonomous Distributed Trust Authorities (DTAs) independently generate server and client keys, neither storing full key material - Customers may host one DTA within their own infrastructure Authentication factors supported: - Possession: software token in a web browser or mobile app - Knowledge: 4-digit PIN chosen during registration - Inherence: biometrics (supported alongside existing mechanisms) Deployment options: - Web browser-based login - Mobile application login via SDKs for Android and iOS - Supports standard apps, SSO, and RADIUS app registration via the trust.miracl.cloud portal Security properties: - Resistant to database breaches and man-in-the-middle (MITM) attacks - Prevents installation on rooted mobile devices - Produces a non-repudiable audit trail of users, devices, and transactions Use cases extend beyond PSD2 to include VPN authentication, digital certificate replacement, and digital verified signatures.