Security authentication is one of the major necessities for every organisation irrespective of its size and industry. Every day in the news you can read about data breaches, and, more than ever, enterprises are focussing on avoiding the costly and often brand damaging ramifications of such a breach. Focusing on the current weaknesses of password based systems, Tony Smales worked on a methodology to allow an authentication which was effectual, simple to use, extremely cost effective, accessible and effectively invulnerable to all known forms of hacking attack. To achieve this goal, he created Forticode in 2011 and began operating from Melbourne Australia, with the goal of giving people the freedom to authenticate safely at any time, any place, and on any device. During this time, he also created and patented the concept of “indeterminate ciphering”, working in parallel with world’s best practice encryption and PKI (Public Key Infrastructure) techniques, to elegantly solve the tri-party security (aka Two-Factor Authentication) challenge. The solution he created is now called Cipherise™
“The tri-party security challenge is such that users expect businesses and governments to look after their security and personal information without inconvenience or risk to them selves. Businesses and governments strongly wish to ensure the identity and validity of users, who are requesting services from them, as well as address the requirements of those who are in charge of governance and compliance, and that all policy and legislative requirements are enforced,” says Tony. Traditional authentication approaches can cause significant problems for at least one of the parties, or all three, if compromises or unauthorised breaches occur. Forticode solves these multiple problems for users, businesses and governments around the world in a manner that is highly secure, convenient and most importantly, simple for users to actively prove their identity. “The challenge was to make the end user stay secured in relation to their credentials. We want users to know where their credentials are, when they are being used and be protective of them by default. We achieved this by allowing users to revert to a simple password that they generally only have to enter once a day,” he adds. The password is entered through a downloaded mobile application using the patented OneTiCK system which allows people to authenticate in plain sight, any where, anytime, without fear of over the shoulder observation or key logger malware. Once it is proven that the users are in control of their mobile device via OneTiCK, this unlocks an adaptive authentication and credential management system that secures access via industry standard asymmetrical PKI validation for every authentication.
Another key benefit of Cipherise is the ability to eliminate an enterprise’s Credential Store, greatly reducing the risk of credentials being stolen via a database hack, or an internal breach. All private keys required for authentication are stored locally on an individual’s phone via the Cipherise app, and thus an enterprise no longer needs to manage the costs and risk of this central ‘honey-pot’. Cipherise also consolidates many multi-factor authentication mechanisms into a single application, and offers an ability to use a single ‘authenticator’ across multiple services and platforms.
“Forticode’s Cipherise Platform consolidates multi-factor authentication mechanisms to provide a simple, adaptive and risked based authentication solution that significantly improves a user’s ability to prove their online identity”
Forticode’s Cipherise platform offers an innovative, simple and adaptive solution for a user’s authentication needs throughout the day. “Cipherise is an ever-growing platform, initially addressing the problem of Multi-Factor Authentication for external access to IT systems via Virtual Private Network (VPN),” explains Tony. However, extending through pluggable software adaptors to the Cipherise server, or including Forticode’s IoT hardware solution, it is relatively simple to introduce Cipherise protection for almost anything, starting from desktop to database server to company’s front door. Tony adds, “Cipherise is as much about keeping the user informed of when they are going to be held accountable as it is about controlling the access.”
As a young Australian company, Forticode considers people as its most valuable asset and passionately believes in the importance of teamwork and the value of developing locally developed IP. The organisation is looking forward to releasing further software adapters for its Cipherise platform over the coming months, and will also introduce “Cipherise IoT”to extend the platform for authentication of real-world physical items in a controlled and secured manner using customised Cipherise IoT Service Provider hardware widgets.