• Home
  • Turnsteel Authentication Server - Token Management Server (Turnsteel AS-TMS)

Passwords are a commonly-used method of digital security, but the humble passwords are often a security risk and can be cracked within minutes.

So if ‘passwords’ are so vulnerable, what should we do?

That's why two-factor authentication (2FA) has emerged. 2FA adds a second layer of identity verification to secure user accounts. By combining account password with a second authentication factor, attackers cannot access your account even if they obtain or crack your password.


Turnsteel Authentication Server - Token Management System (Turnsteel AS-TMS) is a two-factor authentication (2FA) solution - a type of multi-factor authentication (MFA) solution based on 3 specific factors: What you know (knowledge factor) - What you have (possession factor) - Who you are (inherence factor). Turnsteel also provides anti-phishing mechanisms and secures your user account from attackers exploiting weak or stolen credentials.

Security Practices with Turnsteel AS-TMS

Turnsteel AS-TMS can mitigate vulnerabilities inherent online, while providing differentiated identity authentication security levels based on the level of risk assigned to specific digital services - a lower identity authentication security level can be set for low-risk digital activities to facilitate user access while providing a higher level of protection for high-risk digital activities by requiring higher identity authentication security level to ensure confidence that the digital identity accessing the service is the legitimate proxy to the real-life user.

With 2 vital principles in design architecture: “High-level Security and Customized Integration" as a foundation, Turnsteel AS-TMS is able to authenticate millions of requests daily while protecting sensitive data from phishing attacks.

Key Features

Large-scale structure

A scalable cloud-based system with integrated models that can easily accommodate sudden exponential increases in the number of users, Turnsteel AS-TMS ensures continuity towards users' experience perfectly

Ease of Integration

Turnsteel works seamlessly with an array of applications. A suite of APIs is available to support different programming languages and integration with existing enterprise IT systems.

No single point of failure in a High Availability System

This principle asserts simply that no single error of the operation system can stop the entire from working. It allows running multiple application instances in one server, allows load balancing (active-active mode) and running of core modules on different appliances.

Industry Standard Authentication Levels

Turnsteel supports different authentication methods: 2FA Hardware / Software Tokens, Simple OTP, RADIUS, Transaction Signing, or Biometrics Authentication (Voice Recognition and Facial Recognition) that entities can use to tune system usability and security requirements based on risk and sensitivity of actions or transactions.


Turnsteel AS-TMS - one of few high quality authentication servers that have been successfully deployed for financial institutions and governments, adheres to international security standards at the highest state:

Unmatched Availability: 99.999% uptime (vs. 99.99% typically required by bank)

Unmatched Scalability: 450 TPS / standard host of 16vCPU with the ability to handle up to 450 requests/s

Unmatched Speed: 10ms-20ms processing time per 2FA authentication request

Unmatched Reliability & Stability: zero dropped request for any sudden surge in load (10x) vs designed

Unmatched Dynamic Session Encryption Service: data encrypted by with dynamic keys

Turnsteel AS-TMS manages access in the back-end system - a powerful authentication solution dedicated to providing security of the systems and customers. It is a highly recommended method to integrate 2FA into your authentication process.

Potential problems may arise from the end-users’ devices be it changes or upgrades of operating systems (iOS, Android), new device models, malwares on users devices, or from software vendors updating their SDKs. These can be easily resolved through our Troubleshooting Analytics Engine (TAE), which is designed to detect and resolve bugs and errors, including software problems stemming from end-users’ devices to provide "peace of mind" for any customers who deploy TAS.