Cipherise is revolutionary. Unlike the current dated system of using passwords to login, we’ve created a mobile phone based authentication model that lets users regain control around how their private credentials are used.
With Cipherise, users no longer have to worry about the complexity of multi-factor authentication as this is assured without user overhead, nor the risk that their credentials might be compromised via the increasingly more common centralised data breach attacks. They also benefit from not needing to remember multiple usernames and passwords for every system that they access as the Cipherise solution consolidates all access into a single risk based user experience.
From another lens, Cipherise offers the business a streamlined, decentralised authentication model that significantly simplifies the employee and customer login experience. It does this whilst improving the overall security posture by removing many of the attack surfaces that traditional centralised authentication solutions suffer from.
Cipherise gives both users and service providers peace of mind through a revolutionary authentication system that is loved across every level of an organisation. Why? Because it is simpler to use than any other login process, and gives everybody complete assurance that whoever is logging into your systems are who they say they are.
Strong authentication is becoming an increasingly necessary part of our online world as methods of hacking and exploits become more sophisticated and targeted. However, this cannot be a frustrating method as users will not accept additional complexity when trying to login, nor follow advice that they should only access systems from corporate approved devices. Furthermore, they should never be forced to create a complex, hard to remember password, nor be forced to change this under some arcane security driven policy.
Businesses should also get out of the game of managing user credentials. This is a no-win scenario that requires them to maintain a honeypot of user and customer identities and protect this data from the range of ever-changing exploits hitting them. Just one breach can place an existential threat against an online channel and completely erode trust built between a business and their customers.
Imagine being able to access a system or platform by simply scanning a QR code with your phone, then be immediately logged in under an invisible Multi-Factor Authentication protocol.
No need to remember a username or password, nor transpose a one-time PIN into yet another data entry field on a screen. Furthermore, imagine that you can access a service from any machine globally, without accepting the risk that whatever you type might be being recorded by a keylogger.
Cipherise’s globally unique authentication model dramatically simplifies secure access to systems, putting every user in complete control of their personal credentials. No password is ever typed, transmitted, or even stored electronically. Thus, it cannot be compromised by any of the common password exploits such as recording, observation, brute-force, and the more insidious man-in-the-middle attack.
Cipherise consolidates secure access across multiple systems, and makes the login experience common regardless of the underlying technology platform. Users have a single and convenient method to access all their services and applications, and must actively verify their identity through a simple cognitive or biometric response to a subsequent login request.
To develop Cipherise, we challenged ourselves and re-wrote the rulebook by exploring new, innovative ways to maximise security while ensuring user-friendly access. Our team continually re-evaluate the current capability within the Cipherise platform, testing and validating its effectiveness against the continually changing exploit landscape, while remaining true to the cause of an incredibly simple user experience.
We also engage with thought leaders and analysts to critique our innovation, while also building partnerships with best-of-breed system integrators, software manufacturers, and boutique service providers who are universally fed up with the current state of authentication, and are looking to Cipherise to both improve customer experience, and concurrently, harden the offerings they take to market.
A fundamental requirement for cyber security is to ensure an organisation’s attack surface is minimized. Even a single point of failure can result in catastrophic consequences as modern attackers only need to get through the ‘front door’ before leaving exploits that infiltrate a business.
Protecting your business from cyber threats such as data breaches is crucial in today’s modern world. The real cost of such threats isn’t just monetary, but can result in loss of reputation and customer trust in your brand. With legislative changes such as Mandatory Disclosure and General Data Protection Regulation (EU) coming into effect very soon, the visibility of data breaches will become much higher, and the impact more measurable.
At a more granular level, the cost of the simple password resets can be significant, especially where this requires a call to a service desk, or the mandated password change is too frequent. A simple analysis of most organisation’s service desk calls will highlight a real ‘hard cost’ that can be eliminated with a decentralised, or self-managed, authentication platform.
Finally, the cost of disenfranchisement can be significant. Imagine spending money to create a new service, optimising the user experience, and providing real benefits to a customer channel and then putting a clumsy authentication process in front of this. It is likely that your new service may not get the oxygen it deserves as the intended audience cannot be bothered going through the login process. Furthermore, if gaining access to the service is complicated, people may completely avoid it.
Validated Intent is the assurance that any person requesting a service has both the right to access that service, and intends to access that service at that point in time.
This is a critically important difference, and is best illustrated through an example.
Imagine Jane has a password, but Bill Hacker has just obtained a copy of this from a data breach against Jane’s service provider. Through Jane’s password, Bill now has the right to access this electronic service – even though Bill is not really authorised, there is no way for the service to understand whether this is Jane or Bill.
Validated Intent addresses this problem by requiring an assertion of intent at the time of login. To an attempt to gain access, Bill asserts his stolen right but fails to authenticate as he cannot also prove intent, as Jane is the only person that can do this.
Cipherise is uniquely able to satisfy both rights and intent for every authentication transaction. The core OneTiCK method binds Jane’s login to her cognitive ability, to her personal phone, and optionally to her locally validated biometric signature.
Cipherise also acts as a responder to an authentication request that can be actively denied if Jane did not trigger this with her service provider. In this way, Cipherise ensures the system knows absolutely that the user is who they say they are.
“Absolute Trust. Simply Delivered,” lies at the core of Forticode’s mission statement, and is an underlying design principle within the Cipherise platform. Every design improvement or enhancement needs to be measured against these parameters, ensuring that they are continually balanced against each other.
As we place increasing dependence upon electronic systems and records, and these platforms are being increasingly integrated or federated, it is essential that our identity is correctly asserted for every interaction, and validated in such a way that it cannot be compromised.
Whether the driver be security, privacy, or end user experience, we need an authentication platform that can assert identity into whatever system we are trying to access, and create a binding of trust between the user and service provider where both sides have 100% certainty that they know who each other are.
Imagine a world with no user IDs or passwords. Imagine not having to sort out multiple access for students or staff. Welcome to the world of Cipherise.
Forticode has designed Cipherise to allow a single access experience for students, staff and parents. Cipherise ensures quick, secure and validated log on to required systems while also allowing access to key IP needed for the provision and consumption of educational material.
The demands of the healthcare space are well looked after by Cipherise. The system is so easy to use, yet offers a flexibility of capabilities that ensures quick, secure and validated access and audit controls essential to this category. It assists with no-action secure logon and logoff against shared systems, as well as multiple party approvals for tracked or restricted medications.
Cipherise genuinely has the ability to improve the safety of staff and patients while making their shared experience smoother, easier and more informative.
Cipherise provides the ease of use and flexibility of capabilities to ensure quick, secure and validated access controls for all the internal and external needs of Government. The ability to digitally validate intent to all access and approval requests across Logical [electronic] and Physical Assets [doors, lockers, critical infrastructure etc] ensures transparency, auditability and accountability is provided to the Government, Bureaucrats and Citizens alike.
Financial Services requires not only the highest security, it also requires the highest level of Trust. Customers trust financial institutions with all aspects of their lives. Whether it’s a home loan, sensitive personal data or every day transactions, customers trust their money and information will be safe. On top of this is an expectation that the customer experience will be seamless and convenient.
In the fully-connected world the challenges associated with establishing end to end digital trust are vast and dominantely opaque. A significant challenge is the very nature of the industry itself, with significantly large global players intertwined with micro suppliers that provide small but necessary segments. Given these small businesses are often less secure than their larger partners, they are normally more susceptible to being the point of entry into the overall collaborative logistics group.
Professional services as a result of the nature of the services and the relationships established relies on a foundation of trust. Trust in professional services is more than a demonstrated of expertise in a field, it is the establishment of a fiduciary relationship. The key components of these relationships are the sharing of data from the client to professional with complete confidence that this data is safe.
One of the most important requirement customers have of their vendors applications is one of Trust. Trust that the vendors applications used to deliver business processes work as advertised and that the data they rely on is uncompromised. A key element of delivering on these objecives is to ensure that those users accessing the vendors applications are the correct people and that bad actors aren’t able to impersonate these legitimate users.
Cipherise is the revolution in authentication that you’ve been waiting for. The Cipherise platform allows you to log on to your systems and services without ever having to surrender your credentials to anyone. Logging on is as simple as pressing a button or scanning a QR code with the Cipherise app on your own phone.
Your password is never typed in, transmitted or stored anywhere. Your credentials and by extension, your identity, are protected from identity harvesting and theft.
For the enterprise this means no more credential stores to maintain and protect, greatly reducing the risk of data breach. No more costly and cumbersome tokens. Just a simple yet powerfully secure app for your employees and customers to use.
OneTiCK is Forticode’s patented One Time Cognitive Keyboard, that allows you to enter your password without ever typing or storing it anywhere. Even if someone is watching over your shoulder as you enter your password on OneTiCK, they won’t know what that password is, or be able to replicate your authentication experience.
Login quickly and securely without having to enter your username or password, just by scanning a QR code with the Cipherise app.
WaveAuth maintains Multi-Factor Authentication in a single, frictionless experience. With Cipherise, your credentials are never entered into the browser, keeping them safe from theft, even on a malware infected machine.
Biometrics, such as fingerprint or retina scans, are most useful as a factor within a multifactor process. Cipherise utilises biometrics for a higher level of security when using the application.
Cipherise sends a notification whenever you login, keeping you aware and in control of your security. Know in real time if someone is attempting to use your login and be able to deny and report it immediately.
For an organisation, this means that Cipherise adds a layer of security at the user level by allowing employees to monitor their own authentication usage. This is in addition to the Cipherise Dashboard that allows monitoring at the admin level. This means that employees become the first line of defense against any attempted unauthorized authentication requests.
Cipherise creates the unique ability for a Service Provider to provide a targeted contextual message that is relevant to the person authenticating against their service. The real power behind this capability is that the individual has a vested interest in this service and has a very high likelihood of acknowledging the content of the delivered message. The use case for the messages content is unlimited, but can span areas such as: OH&S, Compliance and Attestation, Training, Service Availability, Public Safety Announcements, Marketing and Advertisements categories.
Cipherise has a flexible and scalable architecture that can be deployed either on premise or deployed to the cloud.
In such scenarios, Cipherise exists alongside exiting Physical Access Control Systems (PACS) and typically replaces access triggers based upon keypads, or NFC / Magnetic cards. In either case, Cipherise adds multi-factor controls to an access decision, and provides 100% attribution to anyone gaining access.
Use cases are many and varied, ranging from simple door control, to certifiable machine access, multi-party approval for controlled spaces, and access permissions based upon geo-fences, time of day, and specific network conditions.
Forticode is continuously working to expand the Connector Library. Where a Connector isn’t yet available, in-house or custom applications can be easily supported by building a lightweight integration using a Cipherise Connector Software leveraging the supported SDK’s.
Cipherise can be used to control access to physical infrastructure and premises using the common authentication experience contained within the Cipherise Mobile App. Using a trigger such as a QR code scan, an NFC read, or even proximity to a beacon, access can be granted based upon defined business rules and access roles.