4. How does our biometric fingerprint reader work?
5. Why is a biometric fingerprint reader useful?
6. Reasons to consider biometric fingerprint authentication:
7. Can I let multiple users sign in to one Windows account and register different fingerprints?
8. What happens if I lose my VeriMark™ Fingerprint Key? Can anyone steal my fingerprint data from it?
9. What is FIDO?
10. Which browsers support the FIDO framework?
11. What is the difference between FIDO and FIDO2?
12. What is the difference between Windows Hello and Windows Hello for Business?
13. What technology is used to secure my biometric information?
14. What’s the difference between Kensington’s Biometric Solutions?
1. Biometric acronyms used:
2FA: Two-Factor Authentication
AD: Active Directory
BIPA: Biometric Information Privacy Act
CCPA: California Consumer Privacy Act
CTAP: Client to Authenticator Protocol
CTAP2: Latest generation of CTAP
FAR: False Acceptance Rate
FIDO: Fast Identity Online
FIDO2: Latest generation of FIDO
FRR: False Rejection Rate
GDPR: General Data Protection Regulation
GPO: Group Policy Objects
MDM: Mobile Device Management
MFA: Multi- Factor Authentication
OTP: One-Time Password
PIN: Personal Identification Number
TPM: Trusted Platform Module
U2F: Universal 2nd Factor Authentication
UAF: Universal Authentication Framework
W3C: World Wide Web Consortium
WebAuthn: Web Authentication
2. What is Match-on-Host?
Identifies the user by making a match with a known and secured “template” or record of the user’s fingerprint.
The functions performed in software include identification of fingerprint characteristics, creation of a secure biometric asset (the fingerprint template), storage of the asset, and matching a newly created fingerprint template with the one stored on the device. The host system also provides the security required to protect the integrity and privacy of the fingerprint data.
3. What is Match-in-Sensor?
Isolates fingerprint operations away from the host OS in the sensor itself.
Even if the host is completely compromised by a successful attack of any type or origin, it is extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario.
4. How does our biometric fingerprint reader work?
VeriMark™ Fingerprint readers work by creating several templates using ridges and valleys on a finger. The information is then processed by the device's pattern analysis/matching software, which compares it to the list of registered fingerprints.
5. Why is a biometric fingerprint reader useful?
Fingerprint authentication replaces the use of passwords, SMS, and code verification. It is one of the fastest and most secure methods of authentication.
6. Reasons to consider biometric fingerprint authentication:
Unique to every user: A fingerprint consists of unique features such as ridges, valleys, and minutiae points that are unique to an individual. It is practically impossible to replicate a fingerprint, and it never changes with time unless there is an unusual occurrence.
Loss proof: Users often mis-type or forget their PINs.
Security: All biometric data is encrypted and digitally signed using strong 256-bit Advanced Encryption Standard (AES) and Transport Layer Security (TLS) technologies.
Speed: PIN authentication may take longer, and it is possible to enter the wrong code, whereas fingerprint recognition is a seamless, near-instant process.
Easy setup: With most services, users simply have to register their fingerprint once.
User experience: Allows users to log in or authenticate in an easier, faster, and more secure way.
7. Can I let multiple users sign in to one Windows account and register different fingerprints?
Yes, one Windows account can register more than one fingerprint including those of multiple users — up to 10 fingerprints in all.
8. What happens if I lose my VeriMark™ Fingerprint Key? Can anyone steal my fingerprint data from it?
Your fingerprint data is safe. You can log in to your Windows account through your regular password or PIN as a backup until you are able to replace or find your VeriMark™ Fingerprint Key.
For U2F login, you can still use your regular password with OTP phone messages to log in to your Google, Dropbox, and other accounts.
VeriMark changes your fingerprint image/file into an encrypted file through a secure algorithm so that it can be stored in your laptop’s settings. Because of this, you can purchase a replacement VeriMark™ Fingerprint Key and pick up right where you left off.
9. What is FIDO?
FIDO is a “standard” technology term, such as “Wi-Fi” or “Bluetooth.” It works on any web browser and on all your devices, including smartphones, desktop or laptop computers, tablets, and smart watches. FIDO makes logging in to your online accounts much easier, while keeping your info safe from hackers. You can find more information about FIDO here: https://fidoalliance.org/
11. What is the difference between FIDO and FIDO2?
FIDO: Provides strong authentication using Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). U2F devices use the public encryption key scheme to protect your account. The private key is stored exclusively on the U2F device and never leaves it, which makes it much more secure than SMS- and time-based 2FA methods.
FIDO2: The updated and upgraded version of its original specifications. Featuring easier adoption of secure, passwordless authentication for a wide range of online services and user devices. The main component of FIDO2 is Web Authentication (WebAuthn), developed in collaboration with the World Wide Web Consortium (W3C). WebAuthn is a set of standards and web application programming interfaces (APIs) that can add FIDO-based authentication to supported browsers and platforms.
12. What is the difference between Windows Hello and Windows Hello for Business?
Windows Hello is targeted toward the individual consumer, it replaces a PIN used on your personal device. Devices using Windows Hello are normally not joined to a domain.
Windows Hello for Business can be configured by GPO or MDM and uses a PIN backed by asymmetric (public/private key) or certificate-based authentication. By eliminating the use of hashes, the security is increased. To use this asymmetric key mode, you need to use Azure AD or implement a Windows Server 2016 domain controller (or later).
13. What technology is used to secure my biometric information?
SentryPoint ®: A suite of security features for the Synaptics fingerprint sensor solution.
SecureLink ™: Enables a strong TLS 1.2 (communication channel encryption)/AES-256 (data encryption) from the sensor to the host.
PurePrint®: Anti-spoof technology. Detects real fingers from fake fingers.
Match-in-Sensor ™: Technology whereby the fingerprint template is securely matched on the fingerprint sensor silicon itself. This limits the data transfer to the host as a simple “yes/no” communication. Even then, the match result is encrypted.
Quantum Matcher ™: The chip features a 192 MHz processor, a hardware accelerated matcher.
14. What’s the difference between Kensington’s Biometric Solutions?
