Security at your Fingertips

a. U2F: Universal Second Factor

b. 2FA: 2nd Factor Authentication

c. UAF: Universal Authentication framework

d. MFA: Multi Factor Authentication

e. W3C: World Wide Web Consortium

f. WebAuthn: Web Authentication

g. GPO: Group policy objects

h. MDM: Mobile device management

i. PIN: Personal identification number

j. AD: Active domain

k. FIDO: Fast identity Online

l. FIDO2: Latest generation of FIDO

m. CTAP: Client to Authenticator Protocol

n. CTAP2: Latest generation of CTAP

o. GDPR: General Data Protection Regulation

p. BIPA: Biometric Information Privacy Act

q. CCPA: California Consumer Privacy Act

r. FRR: False Rejection Rate

s. FAR: False Acceptance Rate

Answers:

a. Identifies the user by making a match with a known and secured “template” or record of the user’s fingerprint.

b. The functions performed in software include identification of fingerprint characteristics, creation of a secure biometric asset (the fingerprint template), storage of the asset, and matching a newly created fingerprint template with the one stored on the device. The host system also provides the security required to protect the integrity and privacy of the fingerprint data.

Answers:

a. Isolates fingerprint operations away from the host OS in the sensor itself.

b. Even if the host is completely compromised by a successful attack of any type or origin, it’s extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario

Answer: VeriMark™ Fingerprint sensors work by creating several templates using ridges and valleys on a finger. The information is then processed by the device’s pattern analysis/matching software, which compares it to the list of registered fingerprints.

Answer: Fingerprint authentication replace the use of passwords, SMS and code verification. They are the one of the most fast and secure methods of authentication.

Answers:

a. Unique to every user: A fingerprint consists of unique features such as ridges, valleys and minutiae points that are unique to an individual. It is almost impossible to replicate a fingerprint and it never changes with time unless there is an unusual occurrence.

b. Loss proof: Users often mistype or forget their PINs.

c. Security: All biometric data is encrypted and digitally signed using strong 256-bit Advanced Encryption Standard and Transport Layer Security technologies.

d. Speed: PIN authentication might take a few seconds or more if you use the wrong one whereas fingerprint recognition is a seamless, near-instant process.

e. Easy Enrollment: Most services requires a one-time enrollment of fingerprint desired to be used.

f. User Experience: It allows users to log in or authenticate in an easier faster and more secure way.

Answer: Yes, one Windows account can register more than one fingerprint including that of multiple users, the maximum fingerprints eligible to register is 10 fingerprints.

Answers:

a. You can login to your Windows account through your regular password or pin code as the backup until you are able to replace or find your VeriMark™ Fingerprint Key.

b. For U2F login, you can still use your regular password with OTP phone messages to login into your Google, Dropbox and other accounts.

c. Your fingerprint image/file has been changed into an encrypted file through a secure algorithm so that it can be stored in your laptops settings so you can purchase another VeriMark™ Fingerprint Key to continue use.

Answer: FIDO is a “standard” technology term, like Wi-Fi, or Bluetooth. It works on any web browser and on all of your devices, including our smartphone, desktop, or laptop computer, tablet, or smartwatch. FIDO makes logging in to your online accounts much easier, while keeping your info safe from hackers. You can get more information from here: https://fidoalliance.org/

Answer: Currently Internet Explorer Edge, Google Chrome, Mozilla Firefox and Safari are supported. Please see our support page for browser limitations.

Answers:

a. FIDO: Provides stronger authentication using Universal Authentication Framework (UAF) and the Universal 2nd Factor (U2F). U2F devices use the public encryption key scheme to protect your account. The private key is stored exclusively on the U2F device and never leaves it, which makes it much more secure than SMS- and time-based 2FA methods.

b. FIDO2 : The updated and upgraded version of its original specifications. Easier adoption of secure, passwordless authentication for a wide range of online services and user devices. The main component of FIDO2 is Web Authentication (WebAuthn), developed in collaboration with the World Wide Web Consortium (W3C). WebAuthn is a set of standards and web application programming interfaces (APIs) that can add FIDO-based authentication to supported browsers and platforms.

Answers:

a. Windows Hello is targeted towards individual consumers, it replaces a PIN used on your personal device. Devices using Windows Hello are normally not joined to a domain.

b. Windows Hello for business can be configured by GPO or MDM and uses a PIN backed by asymmetric (public/private key) or certificate-based authentication. By eliminating the use of hashes, the security is increased. To use this asymmetric key mode, you need to use Azure AD or implement a Windows Server 2016 domain controller or later.

Answers:

a. Synaptics Technology (SentryPoint ® End to End Security) I will like mentioning the Synaptics technology and leveraging their trademark names since they are a big differentiator vs other brands in the market.

b. SentryPoint ®: Is a suite of security features for Synaptics fingerprint sensor solution.

c. SecureLink ™ , (enables a strong TLS 1.2 (communication channel encryption) / AES-256 (data encryption) all the way from the sensor to host.

d. PurePrint® Anti-Spoof technology (that can detect real fingers and fake fingers).

e. Match-in-Sensor ™ technology where the fingerprint template is securely matched on fingerprint sensor silicon itself this limits the data transfer to the host as a simple yes/no communication. Even then, the match result is also encrypted.

f. Quantum Matcher ™ “ algorithms, the chip features a 192 MHz processor, a hardware accelerated matcher.