ThinC-AUTH BioPro
Biometric PIV & FIDO2
ThinC-AUTH BioPro works with AzureAD Certificate Based Authentication (CBA), Local AD SmartCard Login, RDP and Windows Server machines.
A PIV (Personal Identity Verification) uses certificate-based authentication (CBA) enables enterprise users to securely authenticate to access controlled resources (Servers, Workstations, Applications etc.) and information systems at the appropriate security level. ThinC-AUTH BioPro also works with Azure Active Directory and Microsoft Account to access Microsoft Cloud Services, including Microsoft 365, Microsoft Dynamics 365, and Microsoft Azure with a simple touch of a fingerprint authentication using FIDO2.
Features
Why choose
ThinC-AUTH BioPro
01
Biometric multi-protocol security key
Biometric PIV (Smart Card and Certificate based Authentication); and Biometric FIDO2 security key
02
Local / Hybrid / Azure Active Directories
Works in multiple AD infrastructure environment
03
Secure Fingerprint authentication
Embedded with world’s No1 capacitive fingerprint touch sensor. Prevents from spoofed fingerprint authentication.
04
Strong security architecture
"ThinC-AUTH BioPro" is embedded with FIPS 140-2 Cryptographic secure element to manage all crypto functions
05
Single key for hundreds of services
Extensive feasibility for users to manage hundreds of WebAuthn applications with one Security Key.
06
Single key for multiple platforms
Secure Logon to Windows, Servers, Workstations, RDP, Linux, macOS, Applications, Firewalls, VPN, and Network Devices
Functional Features & Specifications
Category
Functionality: Biometric FIDO2
Functionality: Biometric PIV
Make & Model
Make: ENSURITY
Model: 'ThinC-AUTH BioPro' Biometric PIV+FIDO2 Security Key
Connectivity
• Full-speed USB 2.0 (Type-A) interface
• High-quality, durable, and water-resistant casing
• Strong and compact design for everyday use
• Cost-efficient alternative to expensive readers
• HID interface (requires no driver for any operating system)
• Smartcard interface (requires MiniDriver for Windows)
• High-quality, durable, and water-resistant casing
• Strong and compact design for everyday use
• Cost-efficient alternative to expensive readers
• HID interface (requires no driver for any operating system)
• Smartcard interface (requires MiniDriver for Windows)
Fingerprint Biometrics
• 360° fingerprint touch sensor (with a life over 200,000 times)
• High-definition, fast and accurate fingerprint recognition (<1 sec.; FAR <0.001%; FRR <1%) – accepts live fingerprints and prevents from spoofed biometric authentication, such as latex-captured fingerprint images
• Support for multi-fingerprint registrations (user binding to the Security Key with fingerprints)
• High fingerprint capacity – stores up to five fingerprints
• Fingerprint minutiae templates are encrypted and stored within the secure controller (CC EAL5+ certified) of the device. The templates will never be extracted out of the security key.
• High-definition, fast and accurate fingerprint recognition (<1 sec.; FAR <0.001%; FRR <1%) – accepts live fingerprints and prevents from spoofed biometric authentication, such as latex-captured fingerprint images
• Support for multi-fingerprint registrations (user binding to the Security Key with fingerprints)
• High fingerprint capacity – stores up to five fingerprints
• Fingerprint minutiae templates are encrypted and stored within the secure controller (CC EAL5+ certified) of the device. The templates will never be extracted out of the security key.
Security & Cryptology
• CC EAL5+ certified 32bit Crypto RISC processor
• Supported algorithms: ECDSA, SHA256/SHA512, AES256, HMAC
• Cryptographic acceleration: RSA, ECC, ECDH
• Encrypted flash storage for biometric templates
• Dynamic on-chip Encryption/Token Key generation using inbuilt TRNG
• Hardware-based Unique ID
• Supported algorithms: ECDSA, SHA256/SHA512, AES256, HMAC
• Cryptographic acceleration: RSA, ECC, ECDH
• Encrypted flash storage for biometric templates
• Dynamic on-chip Encryption/Token Key generation using inbuilt TRNG
• Hardware-based Unique ID
Authentication in compliance
• Supports FIDO2 (WebAuthN / CTAP protocols) authentication standards
• Passwordless login to Windows 10 Pro R1903+ OS systems (joined to Microsoft Azure AD)
• Supports U2F (Universal 2-Factor) authentication standards
• Passwordless authentication for upto 30 different WebAuthn accounts (Resident Key)
• Two-factor authentication to unlimited WebAuthn accounts (Server Key)
• Compatible with Microsoft Windows, MacOS, and Linux platforms — works with most of the latest version of browsers
• Smart card-based public key infrastructure (PKI) authentication for Windows login, VPN, Web Login, Remote Sessions, as well as data security, digital signature and secure email.
• Two-factor authentication with PIN
• Request a certificate from a Windows Certification Authority, generate a self-signed certificate, or import an existing certificate to the AUTH BioPro Key.
• Generate a certificate based on the Server CA Template stored in the secure element on the device. Supports all Windows smart card behaviors, including lock on removal.
• Passwordless login to Windows 10 Pro R1903+ OS systems (joined to Microsoft Azure AD)
• Supports U2F (Universal 2-Factor) authentication standards
• Passwordless authentication for upto 30 different WebAuthn accounts (Resident Key)
• Two-factor authentication to unlimited WebAuthn accounts (Server Key)
• Compatible with Microsoft Windows, MacOS, and Linux platforms — works with most of the latest version of browsers
• Smart card-based public key infrastructure (PKI) authentication for Windows login, VPN, Web Login, Remote Sessions, as well as data security, digital signature and secure email.
• Two-factor authentication with PIN
• Request a certificate from a Windows Certification Authority, generate a self-signed certificate, or import an existing certificate to the AUTH BioPro Key.
• Generate a certificate based on the Server CA Template stored in the secure element on the device. Supports all Windows smart card behaviors, including lock on removal.
Performance
• Authentication to the application is less than 750ms
• Durability tested for more than 20,000 insertion cycles
• Durability tested for more than 20,000 insertion cycles
Environment
• Temperature: Storage —20°C to 70°C
• Temperature: Operating —5°C to 55°C
• Temperature: Operating —5°C to 55°C
Standards
Security Functions
WebAuthn, FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F), Smart card (PIV-compatible), OATH – HOTP (Event), OATH – TOTP (Time).
Cryptographic Specifications
RSA 2048, RSA 4096 (PGP), ECC p256, ECC p384
Benefits
Benefits of Biometric PIV & FIDO2
01
Phishing-resistance
Eliminates password related common attack vectors such as phishing, intercepting, stealing, sharing or any other compromisation factors.
02
Simplifies the authentication process
Simplifies the authentication process. PIV doesn’t require hard-to-remember or confusing passwords for the client. When employees don’t need to remember passwords, it’s easier for authorized users to access privileged services and sites. Additionally, this reduces IT support costs and employee frustration.
