Security at your Fingertips

• 2FA: Two-Factor Authentication
• AD: Active Directory
• BIPA: Biometric Information Privacy Act
• CCPA: California Consumer Privacy Act
• CTAP: Client to Authenticator Protocol
• CTAP2: Latest generation of CTAP
• FAR: False Acceptance Rate
• FIDO: Fast Identity Online
• FIDO2: Latest generation of FIDO
• FRR: False Rejection Rate
• GDPR: General Data Protection Regulation
• GPO: Group Policy Objects
• MDM: Mobile Device Management
• MFA: Multi- Factor Authentication
• OTP: One-Time Password
• PIN: Personal Identification Number
• TPM: Trusted Platform Module
• U2F: Universal 2^nd Factor Authentication
• UAF: Universal Authentication Framework
• W3C: World Wide Web Consortium
• WebAuthn: Web Authentication

1. Identifies the user by making a match with a known and secured “template” or record of the user’s fingerprint.
2. The functions performed in software include identification of fingerprint characteristics, creation of a secure biometric asset (the fingerprint template), storage of the asset, and matching a newly created fingerprint template with the one stored on the device. The host system also provides the security required to protect the integrity and privacy of the fingerprint data.

1. Isolates fingerprint operations away from the host OS in the sensor itself.
2. Even if the host is completely compromised by a successful attack of any type or origin, it is extremely difficult to force the matcher to generate a false positive result, replay an old result, or in any other way alter or manipulate the match result. This ensures that an identity-authentication subsystem will remain secure even under a worst-case scenario.

1. VeriMark™ Fingerprint readers work by creating several templates using ridges and valleys on a finger. The information is then processed by the device's pattern analysis/matching software, which compares it to the list of registered fingerprints.

1. Fingerprint authentication replaces the use of passwords, SMS, and code verification. It is one of the fastest and most secure methods of authentication.

1. Unique to every user: A fingerprint consists of unique features such as ridges, valleys, and minutiae points that are unique to an individual. It is practically impossible to replicate a fingerprint, and it never changes with time unless there is an unusual occurrence.
2. Loss proof: Users often mis-type or forget their PINs.
3. Security: All biometric data is encrypted and digitally signed using strong 256-bit Advanced Encryption Standard (AES) and Transport Layer Security (TLS) technologies.
4. Speed: PIN authentication may take longer, and it is possible to enter the wrong code, whereas fingerprint recognition is a seamless, near-instant process.
5. Easy setup: With most services, users simply have to register their fingerprint once.
6. User experience: Allows users to log in or authenticate in an easier, faster, and more secure way.

1. Yes, one Windows account can register more than one fingerprint including those of multiple users — up to 10 fingerprints in all.

1. Your fingerprint data is safe. You can log in to your Windows account through your regular password or PIN as a backup until you are able to replace or find your VeriMark™ Fingerprint Key.
2. For U2F login, you can still use your regular password with OTP phone messages to log in to your Google, Dropbox, and other accounts.
3. VeriMark changes your fingerprint image/file into an encrypted file through a secure algorithm so that it can be stored in your laptop’s settings. Because of this, you can purchase a replacement VeriMark™ Fingerprint Key and pick up right where you left off.

1. FIDO is a “standard” technology term, such as “Wi-Fi” or “Bluetooth.” It works on any web browser and on all your devices, including smartphones, desktop or laptop computers, tablets, and smart watches. FIDO makes logging in to your online accounts much easier, while keeping your info safe from hackers. You can find more information about FIDO here: https://fidoalliance.org/

1. Currently, Internet Explorer, Edge, Google Chrome, Mozilla Firefox, and Safari are supported. Please see our support page for browser limitations: https://www.kensington.com/software/verimark-setup/

1. FIDO: Provides strong authentication using Universal Authentication Framework (UAF) and Universal 2nd Factor (U2F). U2F devices use the public encryption key scheme to protect your account. The private key is stored exclusively on the U2F device and never leaves it, which makes it much more secure than SMS- and time-based 2FA methods.
2. FIDO2: The updated and upgraded version of its original specifications. Featuring easier adoption of secure, passwordless authentication for a wide range of online services and user devices. The main component of FIDO2 is Web Authentication (WebAuthn), developed in collaboration with the World Wide Web Consortium (W3C). WebAuthn is a set of standards and web application programming interfaces (APIs) that can add FIDO-based authentication to supported browsers and platforms.

1. Windows Hello is targeted toward the individual consumer, it replaces a PIN used on your personal device. Devices using Windows Hello are normally not joined to a domain.
2. Windows Hello for Business can be configured by GPO or MDM and uses a PIN backed by asymmetric (public/private key) or certificate-based authentication. By eliminating the use of hashes, the security is increased. To use this asymmetric key mode, you need to use Azure AD or implement a Windows Server 2016 domain controller (or later).

1. Synaptics Technology (SentryPoint ® end-to-end security)
2. SentryPoint ®: A suite of security features for the Synaptics fingerprint sensor solution.
3. SecureLink ™: Enables a strong TLS 1.2 (communication channel encryption)/AES-256 (data encryption) from the sensor to the host.
4. PurePrint®: Anti-spoof technology. Detects real fingers from fake fingers.
5. Match-in-Sensor ™: Technology whereby the fingerprint template is securely matched on the fingerprint sensor silicon itself. This limits the data transfer to the host as a simple “yes/no” communication. Even then, the match result is encrypted.
6. Quantum Matcher ™: The chip features a 192 MHz processor, a hardware accelerated matcher.

Download VeriMarkBrochure2021-v6