How Does it Work?
Cipherise provides consistent and simple interactions utilising a user’s mobile phone, allowing them to take control and verify their service providers. With the Cipherise app (or a Powered by Cipherise integration into your own app), both digital and physical systems can be accessed.
Once a user is enrolled though your preferred approach (Self Service, Administrator Controlled, Email, SMS or Kiosk) a Bi-directional relationship now exists. The user can trigger an interaction via a simple action such as running an App or scanning a WaveAuth code and the organisation can also trigger an interaction via multiple push methods.
This is simple process to the user, but behind the scenes there is more going on:
User scans QR code and lets the Service Provider know they want a session
The Service Provider asks the Cipherise Server to validate whether or not the user is authentic
The Cipherise Server asks the user to authenticate on their Cipherise App
The Cipherise Server verifies the user then notifies the Service Provider, who then gives the user a session
Four levels of user interaction
Cipherise provides varying levels of security and essential user input based upon the risk profile of the service that they are attempting to access. This gives organisations greater control over the level of security required, depending on the level of risk associated with a service or application.
For example, if an application is deemed low risk by the organisation, users might just be presented with a notification that they have been logged in. If an application is deemed to be of higher risk, for example, involving finance, or access to sensitive data, the user may be requested to complete a biometric input or a OneTiCK challenge.
What is OneTiCK?
The One Time Cognitive Keyboard is the core element underpinning the Cipherise Security model. It is based upon a globally patented abstraction method that means a user can authenticate without ever having to directly type in their keyword.
A key strength of OneTiCK is that it natively protects against a range of password entry exploits, including record and replay (e.g. key loggers), brute force, observation, and man-in-the middle attacks.
Every time OneTiCK is presented on a user’s smart phone, the characters on the six coloured buttons are randomised. As a result, the action of entering in a keyword will produce a different pattern each time.