Cipherise

Cipherise™ is a ground-breaking, decentralised authentication and authorisation platform that achieves what was previously thought impossible in the world of technology. By using the Cipherise mobile app, we address the at times conflicting objectives to increase the level of security on a platform as well as remove complexity for end users. To not comprimise security or convenience is the challenge that we set ourselves and that which Cipherise delivers.

Cipherise embodies a simple approach to delivering secure engagement in both directions between end users and digital applications. It employs true multi-factor authentication while being essentially invisible to the end user. Cipherise becomes a single, secure key that enables transparency, cyber security, compliance and awareness for every interaction. Cipherise not only provides trusted access to digital systems, it can also be utilised for physical systems, such as door entry points and Internet of Things (IoT).

How Does Cipherise Work?

Cipherise allows end users to utilise their own smart phones to take control of their credentials. Using the Cipherise application on their own phone, they can authenticate their identities at any time to gain access to both digital and physical systems.

Once a user is self-enrolled to a service, authentication is very simple. A trigger starts the process, in the example below, a user is presented with a QR code to authenticate. Using the Cipherise app on their smart phone, they scan the QR code.

Although this is a simple process for the user, under the covers they are performing a very secure multi-factor authentication process. To the person authenticating, this underlying process is invisible. At no point are the user’s credentials passed through the browser, mitigating risk of credential theft via malware and phishing.

User Side
Server Side
  1. User scans QR code and lets the Service Provider know they want a session
  2. The Service Provider asks the Cipherise Server to authenticate the user
  3. The Cipherise Server asks the user to authenticate on their Cipherise App
  4. The Cipherise Server asks the user to authenticate on their Cipherise App

Adaptive Authentication

Cipherise provides varying levels of security and essential user input based upon the risk profile of the service that they are attempting to access. This gives organisations greater control over the level of security required, depending on the level of risk associated with a service or application.

For example, if an application is deemed low risk by the organisation, users might just be presented with a notification that they have been logged in. If an application is deemed to be of higher risk, for example, involving finance, or access to sensitive data, the user may be requested to complete a biometric input or a OneTiCK challenge.

Level OneNotification

No user action is required. The user receives a notification that a login has been made – based upon the knowledge proved in Cipherise at the start of the day. This level is best for low risk cases and ensures that even in events where no action is required to authenticate, the user is still notified.

Level TwoApprove Button

The Cipherise app presents the user with an approve button. Pressing the button indicates access to the phone and adds to the unique knowledge you proved with Cipherise at the start of the day.

Level ThreeBiometric

The user is presented with a biometric request (e.g. fingerprint, FaceID) within the Cipherise app. Providing a biometric validates access to the phone, in addition to pre validated unique knowledge, and verification of physical self.

Level FourOneTiCK

Cipherise asks the user to re-enter their keyword using OneTiCK. If completed successfully, this proves access to the phone, and immediately reinforces proof of unique knowledge. Level four is suggested for higher risk services or cases where highest of security is needed

What is OneTiCK?

The One Time Cognitive Keyboard is the core element underpinning the Cipherise Security model. It is based upon a globally patented abstraction method that means a user can authenticate without ever having to directly type in their keyword.

A key strength of OneTiCK is that it natively protects against a range of password entry exploits, including record and replay (e.g. key loggers), brute force, observation, and man-in-the middle attacks.

Every time OneTiCK is presented on a user’s smart phone, the characters on the six coloured buttons are randomised. As a result, the action of entering in a keyword will produce a different pattern each time.

Real Time Notification

Cipherise provides a real time prompt to the ‘owner’ of an identity that someone is attempting to login to a system or approve a transaction as them. If a user receives a notification for an action which they did not trigger, that user can immediately block that process and alert the organisation of an attempted fraudulent access attempt, in real time.

Contextual Messaging

As well as providing secure authentication, Cipherise has the added capability of allowing an organisation to send out important messages to their employees or customers. In a workplace scenario, important information such as compliance requirements, OH&S notices and general workplace announcements can be sent to all employees or specific employee groups with ease via the Cipherise mobile app.

As an organisation, if your customers are using Cipherise to log on to your services, you can send relevant contextual messages that relate to that service. For example, marketing or advertising messages could easily be sent to all customers or targeted segments within your customer base.

The most effective way to know a product is to see it in action.