How Does it Work

@import url(;

How Does it Work?

Cipherise provides consistent and simple interactions utilising a user’s mobile phone, allowing them to take control and verify their service providers. With the Cipherise app (or a Powered by Cipherise integration into your own app), both digital and physical systems can be accessed.

Once a user is enrolled though your preferred approach (Self Service, Administrator Controlled, Email, SMS or Kiosk) a Bi-directional relationship now exists. The user can trigger an interaction via a simple action such as running an App or scanning a WaveAuth code and the organisation can also trigger an interaction via multiple push methods.

This is simple process to the user, but behind the scenes there is more going on:

User Side
Server Side

User scans QR code and lets the Service Provider know they want a session

The Service Provider asks the Cipherise Server to validate whether or not the user is authentic

The Cipherise Server asks the user to authenticate on their Cipherise App

The Cipherise Server verifies the user then notifies the Service Provider, who then gives the user a session

Four levels of user interaction

Cipherise provides varying levels of security and essential user input based upon the risk profile of the service that they are attempting to access. This gives organisations greater control over the level of security required, depending on the level of risk associated with a service or application.

For example, if an application is deemed low risk by the organisation, users might just be presented with a notification that they have been logged in. If an application is deemed to be of higher risk, for example, involving finance, or access to sensitive data, the user may be requested to complete a biometric input or a OneTiCK challenge.

Level OneNotification

No user action is required. The user receives a notification that a login has been made – based upon the knowledge proved in Cipherise at the start of the day. This level is best for low risk cases and ensures that even in events where no action is required to authenticate, the user is still notified.

Level TwoApprove Button

The Cipherise app presents the user with an approve button. Pressing the button indicates access to the phone and adds to the unique knowledge you proved with Cipherise at the start of the day.

Level ThreeBiometric

The user is presented with a biometric request (e.g. fingerprint, FaceID) within the Cipherise app. Providing a biometric validates access to the phone, in addition to pre validated unique knowledge, and verification of physical self.

Level FourOneTiCK

Cipherise asks the user to re-enter their keyword using OneTiCK. If completed successfully, this proves access to the phone, and immediately reinforces proof of unique knowledge. Level four is suggested for higher risk services or cases where highest of security is needed

What is OneTiCK?

The One Time Cognitive Keyboard is the core element underpinning the Cipherise Security model. It is based upon a globally patented abstraction method that means a user can authenticate without ever having to directly type in their keyword.

A key strength of OneTiCK is that it natively protects against a range of password entry exploits, including record and replay (e.g. key loggers), brute force, observation, and man-in-the middle attacks.

Every time OneTiCK is presented on a user’s smart phone, the characters on the six coloured buttons are randomised. As a result, the action of entering in a keyword will produce a different pattern each time.