TrustLeap offers an authentication platform called MULTIPASS that generates one-time passwords using mathematically proven cryptographic tools. This provides unbreakable security against attacks unlike traditional hardware tokens whose encryption keys have been broken. MULTIPASS generates random passwords through TrustLeap servers and delivers them out-of-band to users via SMS, email etc. to access cloud services. It does not require hardware tokens and provides benefits like future-proof security, lower costs and reducing vulnerabilities.

1. TrustLeapAuthentication Platform (One-Time Passwords)
MULTIPASS
www.trustleap.com
Unbreakable Passwords For Cloud Services
TODAY'S STATE OF THE ART
RSA SecurID and VASCO Digipass
dongles make 6-digit OTP (One-Time
Passwords) for use in Web applications,
VPNs, firewalls, servers or to protect rights
(multimedia, patents, contracts, etc.).
But just looking at these values sent via
public networks (and exposed on people's
desks or belts) makes it possible to identify
each dongle's secret key.
With this information, all the passwords
that a dongle will issue in the future can be
calculated in advance.
SecurID reverse-engineered in 2000 is
"easily breakable" claim experts. The
newest AES-based SecurID 800 has
been cracked in 2012 in... 13 minutes.
Some claim that SSL and static PINs make
these exposures impossible or harmless.
But SSL delegates the security chain, and
these broken OTP designs were supposed
to be safer than static PIN codes.
2 AND 3-FACTOR DONE PROPERLY
Instead of using leaking hashes made by
imperfect encryption, TrustLeap tokens are
proven as cryptanalytically unbreakable
(safe against unlimited computing power).
TrusLeap-secured data can't be attacked:
it does not expose enough information to
make it possible to break the encryption.
Intercepting tokens cannot help to guess
any future values. And altering, hijacking or
replaying sessions will just lead to bad
passwords, instantly raising alerts.
TrustLeap tokens' lifespan is also limited,
but this delay can't be used to predict
future passwords: indistinguishable from
true random data, there's nothing to break
as there's no remaining correlation to spot.
The RSA SecurID fiasco illustrates how
weak technology can cause undetectable
harm: all the RSA dongle fraudsters were
properly authenticated – by systems which
design was too weak to be trustworthy.
© 2007 - 2013 TrustLeap® / MULTIPASS® – Unbreakable Passwords For Cloud Services 1/4
TrustLeap

2. TrustLeap MULTIPASS
MULTIPASS RATIONALE
Rightly, the established practice of using
static passwords is discouraged: like user
names, static passwords can too easily be
guessed, stolen, reused, or passed on.
But passwords can only be safe when they
are (a) confidential, (b) unpredictable and
(c) can't be stolen nor replayed.
Two-factor authentication vendors have
provided banks, critical infrastructure, and
governments with OTP dongles breaking
all these three mandatory conditions:
To build passwords, RSA dongles and
servers must use shared secret keys.
Using imperfect encryption schemes
made it possible to recover, break, or
bypass these keys. For decades.
As similar by-design issues are found in
the PKI used to sign documents and to
authenticate users and hosts, this is a
whole generation of trusted solutions which
needs to be revisited.
Regulators incite users to invest in security
solutions so there's a need for future-proof
technologies invulnerable by-design.
MULTIPASS is a certified FIPS 140-2
authentication solution that takes great
care at not replicating any of the technical
errors made by the prior generation of
authentication systems.
HOW IT WORKS
(1) On TrustLeap servers, mathematically-
proven cryptographic tools process secure
tokens to build personalized OTPs (One
Time Passwords).
(2) Users get secure tokens on-demand via
their preferred OoB (Out-of-Band) channel
(SMS, QKD, mail, fax, etc.).
(3) Users salt tokens with their secret
UserID to access Cloud services which are
using TrustLeap servers for validation.
FEATURES
• only true random data is transmitted
(secret keys are safe by-design);
• tokens are IP-based and time-based
but can be tied to other parameters;
• OoB (Out-of-Band) delivery by SMS,
QKD, mail, fax, etc.
• uncorrelated tokens generated via
mathematically-proven unbreakable
cryptography (an exclusivity);
• safer than RSA dongles that can be
lost, stolen or broken.
BENEFITS
• future-proof: unbreakable by-design;
• no hardware dongles required;
• could be used to secure dongles;
• no infrastructure change required;
• instantly deployable on-demand;
• higher costs/benefits solution;
• safe against loss and robbery.
TRUSTLEAP SERVERS
As all transactions and user activity are
logged, administrators can audit, invoice
and comply with regulatory constraints.
TrustLeap provides by-design unbreakable
security without changing users' habits,
interfaces, or infrastructure. This helps to
reduce your operational costs and your
organization's surface of vulnerability.
© 2007 - 2013 TrustLeap® / MULTIPASS® – Unbreakable Passwords For Cloud Services 2/4
TrustLeap

3. ADMINISTRATION
Provisioning users on-demand:
1. user asks help desk to register ID
2. help desk adds user to its database
3. user can reach protected resources.
The whole process can be handled in less
than a minute. De-provisioning users, or
disabling users temporally is even faster.
Help desk administrators can also create
many users at once via import interfaces.
PASSWORD DELIVERY
Users accessing a protected resource:
1. user asks a one-time password (OTP)
2. the OTP is sent if credentials are valid
3. users salt the OTP with their secret
UserID to access protected resources.
OTP and UserID are secret as they don't
travel on the Internet and both are needed
to login successfully. Reply attacks fail as
each OTP is unique. Being uncorrelated
OTPs are also provably unbreakable.
Further, authentication services can be
restricted by group (or by user) hour by
hour, and day by day, all along the week.
ALERTS, AUDITS AND REPORTING
Reports covering all user, help desk and
server activity can be made by using SQL
to query encrypted (read-only) logs:
• geo-localization (users' IP address)
• action time-stamps (vs open-hours)
• user provisioning, granted IDs, etc.
• authentication/delivery failures.
Future-proof solutions protect you against
unknown threats and obsolescence.
© 2007 - 2013 TrustLeap® / MULTIPASS® – Unbreakable Passwords For Cloud Services 3/4
TrustLeap
OTP 75CF-1A63

4. TrustLeap
Worldwide Corporate HQ
TrustLeap
Paradiesli 17
CH-8842 Unteriberg SZ
Switzerland
Phone +41 (0)55 414 20 93
Fax +41 (0)55 414 20 67
Email info@trustleap.com
www.trustleap.com
About TrustLeap
TrustLeap, the TWD Industries AG security division, protects digital assets with cryptanalytically
unbreakable technology (safe against unlimited computing power as it is proven mathematically
that no key leaks can be exploited). The TrustLeap secure platform leverages offers of enterprise,
cloud, networking, digital media and financial services in global strategic markets.
TrustLeap lets partners and users form dynamic ecosystems where duly accredited strangers can
safely trust each-other. Establishing widespread trust enables organizations to secure their
infrastructure, raise the value of their offers and safely market their digital assets.
© 2007 - 2013 TrustLeap® / MULTIPASS® – Unbreakable Passwords For Cloud Services 4/4
TrustLeap