Cipherise™ is a ground-breaking, decentralised authentication and authorisation platform that achieves what was previously thought impossible in the world of technology. By using the Cipherise mobile app, we address the at times conflicting objectives to increase the level of security on a platform as well as remove complexity for end users. To not compromise security or convenience is the challenge that we set ourselves and that which Cipherise delivers.

Cipherise embodies a simple approach to delivering secure engagement in both directions between end users and digital applications. It employs true multifactor authentication while being essentially invisible to the end user. Cipherise becomes a single, secure key that enables transparency, cybersecurity, compliance and awareness for every interaction. Cipherise not only provides trusted access to digital systems, it can also be utilised for physical systems, such as door entry points and Internet of Things (IoT).

How Does Cipherise Work?

Cipherise allows end users to utilise their own smart phones to take control of their credentials. Using the Cipherise application on their own phone, they can authenticate their identities at any time to gain access to both digital and physical systems.

Once a user is self-enrolled to a service, authentication is very simple. A trigger starts the process, in the example below, a user is presented with a QR code to authenticate. Using the Cipherise app on their smart phone, they scan the QR code.

Although this is a simple process for the user, under the covers they are performing a very secure multi-factor authentication process. To the person authenticating, this underlying process is invisible. At no point are the user’s credentials passed through the browser, mitigating risk of credential theft via malware and phishing.

  • 1
    User scans QR code and
    lets the Service Provider
    know they want a session
  • 2
    The Service Provider
    asks the Cipherise Server
    to authenticate the user
  • 3
    The Cipherise Server asks
    the user to authenticate on
    their Cipherise App
  • 4
    Once verified by the
    Cipherise Server, it lets the
    Service Provider know the
    end user is verified and
    then provides a session.

Adaptive Authentication

Cipherise provides varying levels of security and essential user input based upon the risk profile of the service that they are attempting to access. This gives organisations greater control over the level of security required, depending on the level of risk associated with a service or application.

For example, if an application is deemed low risk by the organisation, users might just be presented with a notification that theyy have been logged in. If an application is deemed to be of higher risk, for example, involving finance, or access to sensitive data, the user may be rquested to complete a biometric input or a OneTiCK challenge.

Cipherise utilises 4 levels of authentication:

  • L1
    Level One:
    Notification
    No user action is required. The user receives a notification that a login has been made – based upon the knowledge proved in Cipherise at the start of the day. This level is best for low risk cases and ensures that even in events where no action is required to authenticate, the user is still notified.
  • L2
    Level Two:
    Push
    The Cipherise app presents the user with an approve button. Pressing the button indicates access to the phone and adds to the unique knowledge you proved with Cipherise at the start of the day.
  • L3
    Level Three:
    Biometric
    The user is presented with a biometric request (e.g. fingerprint, FaceID) within the Cipherise app. Providing biometric validates access to the phone, in addition to pre validated unique knowledge, and verification of physical self.
  • L4
    Level Four:
    OneTiCK
    Cipherise asks the user to re-enter their keyword using OneTiCK. If completed successfully, this proves a access to the phone, and immdiately reinforces proof of unique knowledge. Level four is suggested for higher risk services or cases where highest of security is needed.
*It is important to note that ALL authentication levels require the completion of the OneTiCK in advance, (generally the beginning of the day) to maintain “persistence” within the Cipherise application, and any additional verification factors are layered on top of this initial validation of unique knowlege.

What is OneTiCK?

The OneTime Cognitive Keyboard is the core
element underpinning the Cipherise Security
model. It is based upon a globally patented
abstraction method that means a user can
authenticate without ever having to directly
type in their keyword.

A key strength of OneTiCK is that it natively
protects against a range of password entry
exploits, including record and replay (e.g.
keyloggers), brute force, observation, and
man-in-the middle attacks.

Every time OneTiCK is presented on a user’s
smartphone, the characters on the six
coloured buttons are randomised. As a result,
the action of entering in a keyword will
produce a di erent pattern each time.

Real Time Notification

Cipherise provides a real time prompt to the ‘owner’ of an identity that someone is attempting to login to a system or approve a transaction as them. If a user receives a notification for an action which they did not trigger, that user can immediately block that process and alert the organisation of an attempted fraudulent access attempt, in real time.

Contextual Messaging

As well as providing secure authentication, Cipherise has the added capability of allowing an organisation to send out important messages to their employees or customers. In a workplace scenario, important information such as compliance requirements, OH&S notices and general workplace announcements can be sent to all employees or specific employee groups with ease via the Cipherise mobile app.

As an organisation, if your customers are using Cipherise to log on to your services, you can send relevant contextual messages that relate to that service. For example, marketing or advertising messages could easily be sent to all customers or targeted segments within your customer base.

Begin your Journey...

The most effective way to know a product is to see it in
action. Authenticate withour online Cipherise Demo and you
will see first hand the simplicity for everyday use.

DemoContact