Ensurity | ThinC

ThinC_AUTH

Secure and simpler authentication

"ThinC-AUTH Biometric Security Key" is FIDO2 certified and is Microsoft compatible, used for passwordless login to latest version of Windows 10 operating system and numerous FIDO2 enabled web applications

FEATURES

Features

SUPPORTS HYBRID ENVIRONMENT

Users can now sign in to Windows on both Azure AD and Hybrid Azure AD joined devices with FIDO2 based ThinC AUTH and access traditional Active Directory Domain Services (AD DS) based resources with a seamless single sign-on (SSO) experience to their on-prem resources.

Configurable Security Key

With a biometric touch-to-authenticate, the multi protocol ThinC-AUTH protects access to computers, online services, and networks.

Fingerprint authentication

Strong biometric technology makes ThinC-AUTH Security Key one of the most secure hardware tokens. The biometric module prevents any misuses of the Key from unauthorized Users other than the valid user. No security risk in case of losing the Key.

Strong Security Architecture

The core functionalities of the embedded security chip of ThinC-AUTH is to encrypt, store and validate your fingerprint templates. Once enrolled, it is impossible for someone to reverse engineer your fingerprint data from the protected storage.

Strong Algorithms

AES, HMAC, ECDH achieves high-level security to User and Key.

Single Key for hundreds of services

Passwordless authentication to Windows 10 systems (connected to Azure AD); multiple PC platforms; and multiple FIDO2 enabled web applications.

Bespoke Design

We offer customization options for casing-colors, engraving, and packaging.

Move beyond Passwords!

Get your "FREE" Starter Kit now!

100% free for enterprises.

APPLY NOW

"Microsoft has been a preeminent advocate of FIDO Alliance's mission to move the world beyond passwords."

Andrew Shikiar

CMO of the FIDO Alliance

Ensurity in Elite Group

Ensurity Technologies, with its FIDO2 certified Biometric Security Key "ThinC-AUTH" for passwordless multi-factor authentication, has been inducted into MISA (Microsoft Intelligent Security Association), which consists an elite group of cybersecurity technology companies partnering with Microsoft in building advanced solutions for evolving threats.

MISA comprises of select companies that provide innovative and advanced security technologies. MISA included products for: Azure Active Directory, Azure Information Protection, Windows Defender ATP, Microsoft Intune, Microsoft Graph Security API, Microsoft Cloud App Security, as well as other Microsoft related technologies.

About MISA Ensurity in MISA

WHY BIOMETRIC-BASED FIDO2 SECURITY KEYS ARE PREFERABLE PASSWORDLESS LOGIN SOLUTION TO A NON-BIOMETRIC KEY?

Read

Ensurity's ThinC-AUTH is a privacy & security enabler and is ultra-secure hardware-based Security Key for online identity & authentication with onboard 360° Fingerprint touch sensor.

SPECIFICATIONS

ThinC-AUTH Biometric Security Key

Security Algorithm

ECDSA, SHA256, AES, HMAC, ECDH
Interface

USB-A
Communication Protocol

CTAPHID
Working Voltage

5.0V
Working Current

Standby: 80mA
Power

Standby: 0.4W
Working Temperature

(-10°C to 45°C)
Storage Temperature

(-20°C to 70°C)
LED Lights

2 multi-color LEDs
Casing Material

Metal+ABS

Fingerprint Module in ThinC-AUTH

Image Pixel

160 x 160 pixels with 8-bit depth
DPI

508 DPI
Fingerprint Sensor

Capacitive 360° Touch Fingerprint Sensor with Ultra-low power consumption
Sensor Protection

Integrated conductive bezel
Sensor Quality

Superior 3D image quality
Server Service Life

More than 200k times
Storage

5 fingerprint templates
False Accept Rate

<0.001%
False Reject Rate

<1%
Recognition Time

<0.6s (for 120 finger points)
Acquisition Time

<180ms
ESD range

IEC61000-4-2, level X, air discharge (±30 kV)

In a traditional authentication, the user types in his credentials on the device/browser then the browser sends those credentials to the server for user verification. However, that’s not the case for passwordless authentication where no password is sent over the internet.
Only the assertion generated by the authenticator is sent to the Relying Party (server) and the authentication is done on the authenticator level using the biometrics on the ThinC-AUTH Security Key. From a security perspective, the user credentials can’t be technically leaked or brute-forced since there’s no password to compromise. For biometrics, only the templates are registered, which are encrypted and stored within the Security Key and will not be accessible for external usage. This user-friendly process drastically reduces the risks associated with human error in cybersecurity.

Inadequacy of passwords

How many times are you unable to use digital applications because you’ve forgotten your password? From dozens of passwords for everything from social media sites to shopping, company, and productivity-related platforms like Github, a large part of our day is spent dealing with passwords.
Recent research delving into passwords found that an alarming 78% of respondents use an insecure method to help remember their password, with 34% admitting to using the same password for multiple accounts.
Poor password hygiene presents a significant security risk for organizations. According to the 2019 Verizon Data Breach Investigations Report, 80% of hacking-related breaches involve compromised or weak credentials, while 29 per cent of all breaches involved the use of stolen credentials. The consequences of a breach can be catastrophic, with the average cost of a stolen record $148, and the total cost incurred from a data breach averaging at $3.86m - far from small numbers. Despite this, 65% of organizations do not even check employee credentials against common password lists.

FIDO2

Securing WWW with password-free authentication

Overcoming the reliance on passwords is not going to happen overnight, but with technological advancements, such as FIDO2, there is finally encouragement for a passwordless future.
FIDO2 is a phishing proof, passwordless authentication protocol developed as a joint effort between the FIDO Alliance and the World Wide Web Consortium (W3C) , and the main goal of this project was to create a strong authentication standard for the web. In March 2019, W3C announced that WebAuthn is now the official web standard for password-free login. At its core, FIDO2 consists of a mixture between the W3C WebAuthn standard and the FIDO Client to Authenticator Protocol (CTAP).

There are three major players in the FIDO2 Workflow:

1
The WebAuthn Relying Party (The website we’re authenticating to)
2
The client or the browser who will play the role of the middleman
3
The FIDO2 Authenticator (ThinC-AUTH Biometric Security Key)

Here’s how it generally works:

There are two types of workflow in FIDO2: Registration & Authentication.

Registration would be enrolling a new Security Key to your account for future use and authentication would be using that Key to prove your identity.

User sets a PIN and enrol fingerprints to ThinC-AUTH. Setup is inbuilt in Windows 10 Ver 1903. For other Operating Systems, User can download a ThinC Tool from www.ensurity.com website.
User visits the FIDO2 enabled website and enables two-factor authentication and configures 2FA with FIDO2 Security Key.
For the login process, User visits the website and clicks on the login button.
The server generates a challenge and sends the browser a list of credentials that are registered to the user. It also contains information on the authenticator device (for example whether the device connects over USB or BLE, etc.)
Browser asks the authenticator to sign the challenge.
Authenticator requests the user to tap on its biometrics 360° touch sensor to verify.
A signed assertion is created using the private key and is sent to the relying party for verification.
The relying party verifies that the assertion contains the expected source and challenge and if everything is validated it, the authentication will be successful. If not, it will be prevented as it will be considered a phishing attack.

1) What is ThinC-AUTH?

ThinC-AUTH is USB based Security Key with Biometrics. The device is FIDO2 certified and is Microsoft compatible. ThinC-AUTH is suitable for secure passwordless authentication to multiple FIDO2 enabled web applications and Microsoft Windows 10 Rel 1903 or higher versions.

2) What is FIDO?

The Fast Identity Online (FIDO) Alliance is a non-profit organization dedicated to reducing reliance on username/password authentication approach. To learn more about FIDO, visit https://fidoalliance.org/. Members of the alliance include. Microsoft, Google, Nok Nok Labs, Samsung, RSA, NTT Docomo etc.

3) What is FIDO2?

Latest FIDO standards, FIDO2 proposals present a strong user authentication framework that can replace passwords and will achieve it without compromising user convenience and experiences across difference types of devices and clients. To learn more about FIDO2, visit https://fidoalliance.org/fido2/.

4) How do I use the ThinC-AUTH Security Key?

Enroll your fingerprints to the device. You can either use the built-in configuration tool in Windows 10 Rel 1903 or you can download a configuration tool from Ensurity website — https://thinc.ensurity.com/#downloads.
Register your ThinC-AUTH Security Key with the account you want to secure. Or activate the device by registering with ThinC-AUTH tool or Windows 10 Ver 1903.
Whenever you sign-in to your web account or Windows PC, simply insert the security key into a USB port, and when prompted and tap on the fingerprint sensor with your registered finger to complete the authentication.

5) Which major services are available that support U2F? Or a compatible U2F service provider?

Microsoft Azure Active Directory, Microsoft account, GitHub, Twitter, OneLogin, etc.

6) Which major browsers support FIDO2?

ThinC-AUTH Key works with all major and latest version of web browsers, including Chrome, Edge, Firefox, Safari etc.

7) Can I login to Microsoft Azure AD using your security key?

ThinC-AUTH Keys fully supports Microsoft Azure AD. It can be used to sign into Azure joined Windows PC whether you are online or offline/airplane mode.

8) Can I use ThinC-AUTH Security Key in place of other U2F based keys?

ThinC-AUTH Security Key is now available on variety of operating systems and platforms that offer support for U2F and FIDO2 protocol services. ThinC-AUTH Key can be used instead of any 3rd party security keys.

9) Is my fingerprint image stored in the computer during the enrollment process?

ThinC-AUTH Security Key stores only encrypted fingerprint template in a secure storage area within the Security Key. The stored data will never leave the key, even during registration or verification or authentication processes.

10) What is ThinC-AUTH tool?

ThinC AUTH tool has biometric fingerprint management function that interacts with ThinC-AUTH device and manages fingerprints stored on the device. The management functions include registering the fingerprints, delete fingerprints, list the free / occupied fingerprints storage slots, verify fingerprints.

11) Where I can get the ThinC-AUTH tool?

You can download it from our official websites - https://www.ensurity.com/ or https://thinc.ensurity.com/#downloads.

12) Which OS does ThinC-AUTH tool support?

ThinC-AUTH tool support Windows 7/8/10, Ubuntu (16.04 or higher), MacOS (10.10.x or higher).

13) How to enroll the fingerprint to the ThinC-AUTH key?

There are two different ways to enroll the fingerprints: Microsoft Windows 10 ver 1903 or higher and/or ThinC-AUTH tool.

14) What should I do if the key is locked?

For security reasons, ThinC-AUTH key will be completely locked if the registered fingerprint fails 5 times in a row. Disconnect the device and run ThinC-AUTH tool and enter PIN code to unlock the device.

15) Can I reset the security key to factory setting?

Factory Reset can be done through ThinC-AUTH tool. After installing the ThinC-AUTH tool, click Factory Reset button and re-inserting the device. And then touch the sensor twice. Please refer to ThinC-AUTH Key Manual for details.

16) Without the User biometric authentication, can ThinC-AUTH be used to access accounts?

Yes, in certain modes. FIDO2 Standard specifies 3 modes of user authentication to protect against injection or replay of FIDO2 user verification data. o Note: The FIDO Server/Web Service can choose which mode they use to authenticate the user so even after enrolling fingerprint and setting client pin if the server tries to authenticate in User Presence mode then the ThinC-AUTH device will not verify the fingerprint. o User Presence: ThinC-AUTH provides a mechanism to establish secure access only if the user confirms the action by tapping the touch sensor prevents remote attacks. o Client PIN: Verifies the user with a PIN/Password. After 5 failed user verification attempts in a row, the ThinC-AUTH falls back to an alternative user verification method. o User Verification: Verifies the fingerprint to make sure the user is verified. This mode requires biometric authentication.

17) How many fingerprints can be registered onto the device?

ThinC-AUTH supports up to 5 fingerprints.

18) If user loses the device, how can the user authenticate to FIDO enabled services?

User needs to deactivate the two-factor authentication from the FIDO enabled service and needs to reactive 2FA service on a new ThinC-AUTH device. The 2FA deactivation process depends on the Website/Service providers and may vary from one to other. o Note: It is a best Practice is to use fall back recovery mechanism provided by the service provider.

19) Can the User take a backup of the FIDO credentials from ThinC-AUTH tool?

Ensurity will be providing a few optional ‘add-on' services. Using the add-on services/modules, User can securely take backup of multiple FIDO registrations and securely store them in private/public cloud in future.

20) Is there any limit on the number of Websites/Services that you can use with the ThinC-AUTH device?

For FIDO U2F services, the device supports unlimited registrations.
For FIDO2 services, device supports unlimited FIDO2 registrations with non-resident keys and up to 30 for FIDO2 services requiring Resident key.

21) What is the use of PIN/Password?

The device provides PIN/password as back up authentication mechanism for fingerprint as per FIDO standards. Once PIN/password is configured in device via tool, in a scenario of 5 unsuccessful fingerprint authentication attempts in FIDO services, the device gets blocked and needs to be unlocked using the tool to access the FIDO services again.

22) Is the tool required during the authentication to Website/FIDO services?

Once the user has registered fingerprints using tool the device can now operate independently or independent with the Websites/FIDO Services.
The Device works with FIDO services without requiring tool.

ThinC AUTH for Passwordless Login, FIDO2 certified & Microsoft compatible

"ThinC-AUTH Biometric Security Key" is FIDO2 certified and is Microsoft compatible, used for passwordless login to latest version of Windows 10 Operating System and numerous FIDO2 enabled Web Applications.

Windows 10 Passwordless Login with ThinC-AUTH Biometric Security Key

"ThinC-AUTH Biometric Security Key" is FIDO2 certified and is Microsoft compatible, used for passwordless login to latest version of Windows 10 Operating System.