How Does it Work?
How Does Cipherise Work?
Cipherise provides authentication on a user’s phone, so they can take control of their credentials. With the Cipherise app, both digital and physical systems can be accessed.
Once a user has self-enrolled with a service, authentication is easy. The user triggers the start of authentication with an action, for example scanning a QR code, then either provides their fingerprint/Face ID or presses the approve button. In high-security situations, a user may be required to complete a OneTiCK (explained below).
This is a simple process for the user, but behind the scenes there is more going on:
1. User scans QR code and lets the Service Provider know they want a session
2. The Service Provider asks the Cipherise Server to validate whether or not the user is authentic
3. The Cipherise Server asks the user to authenticate on their Cipherise App
4. The Cipherise Server verifies the user then notifies the Service Provider, who then gives the user a session
Four Levels of Authentication
Cipherise provides varying levels of security and essential user input based upon the risk profile of the service that the user is attempting to access. This gives organisations greater control over the level of security required, depending on the level of risk associated with a service or application.
For example, if an application is deemed low risk by the organisation, users might just be presented with a notification that they have been logged in. If an application is deemed to be of higher risk, for example, involving finance, or access to sensitive data, the user may be requested to complete a biometric input or a OneTiCK challenge.
What is OneTiCK?
The One Time Cognitive Keyboard is the core element underpinning the Cipherise Security model. It is based upon a globally patented abstraction method that means a user can authenticate without ever having to directly type in their keyword.
A key strength of OneTiCK is that it natively protects against a range of password entry exploits, including record and replay (e.g. key loggers), brute force, observation, and man-in-the-middle attacks.
Every time OneTiCK is presented on a user’s smartphone, the characters on the six coloured buttons are randomised. As a result, the action of entering a keyword will produce a different pattern each time.
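To make the replay point concrete, the following is an added toy model, not Cipherise's code or its patented method: it assumes a 36-character set dealt evenly over six colour buttons and a verifier that remembers the layout it issued for each challenge. All names (`deal`, `new_layout`, `presses_for`, `verify`) and the sample keyword are constructed for illustration.

```python
import hmac
import secrets

# Assumptions for this sketch: a 36-character set dealt evenly over six buttons.
ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789"
COLOURS = ["red", "orange", "yellow", "green", "blue", "purple"]

def deal(order):
    """Build a layout (colour -> characters shown on it) from a character ordering."""
    if sorted(order) != sorted(ALPHABET):
        raise ValueError("order must be a permutation of ALPHABET")
    per = len(ALPHABET) // len(COLOURS)
    return {c: set(order[i * per:(i + 1) * per]) for i, c in enumerate(COLOURS)}

def new_layout():
    """Fresh random layout for one challenge, drawn from the OS CSPRNG."""
    chars = list(ALPHABET)
    secrets.SystemRandom().shuffle(chars)
    return deal("".join(chars))

def presses_for(keyword, layout):
    """Colours a user would press: the button currently showing each character."""
    out = []
    for ch in keyword:
        colour = next((c for c, shown in layout.items() if ch in shown), None)
        if colour is None:
            raise ValueError(f"character {ch!r} is not on the keyboard")
        out.append(colour)
    return out

def verify(presses, layout, keyword):
    """Check presses against the layout issued for this challenge only."""
    expected = ",".join(presses_for(keyword, layout))
    return hmac.compare_digest(",".join(presses), expected)

if __name__ == "__main__":
    keyword = "tiger7"  # constructed sample keyword
    first, second = new_layout(), new_layout()
    captured = presses_for(keyword, first)
    print("session 1 presses:", captured, "->", verify(captured, first, keyword))
    print("replayed in session 2 ->", verify(captured, second, keyword))
```

Because the verifier checks presses only against the layout of the current challenge, a press sequence recorded in one session is rejected when replayed against another layout.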