ThinC-AUTH BioPro

Biometric PIV & FIDO2 Security Key

  • Biometric PIV
  • Biometric FIDO2
  • Microsoft compatible
thincbiobannerimg

Overview

ThinC-AUTH BioPro

The ThinC-AUTH BioPro is a USB based Security Key with support for Biometric PIV & FIDO2 authentication standards. When using the AUTH BioPro for Smart-card logon, a separate card reader is not required.

ThinC-AUTH BioPro works with AzureAD Certificate Based Authentication (CBA), Local AD SmartCard Login, RDP and Windows Server machines

A PIV (Personal Identity Verification) uses certificate-based authentication (CBA) enables enterprise users to securely authenticate to access controlled resources (Servers, Workstations, Applications etc.) and information systems at the appropriate security level.

ThinC-AUTH BioPro also works with Azure Active Directory and Microsoft Account to access Microsoft Cloud Services, including Microsoft 365, Microsoft Dynamics 365, and Microsoft Azure with a simple touch of a fingerprint authentication using FIDO2.

Features

Supports hybrid
environment

Users can now sign in to Windows on both Azure AD and Hybrid Azure AD joined devices

Configurable
security key

With a biometric touch-to-authenticate, the multi protocol ThinC-AUTH protects

Fingerprint
authentication

Strong biometric technology makes ThinC-AUTH Security Key one of the most secure hardware tokens.

Strong security
architecture

The core functionalities of the embedded security chip of ThinC-AUTH is to encrypt,

Strong
algorithms

AES, HMAC, ECDH achieves high-level security to User and Key.

Single key for
hundreds of services

Passwordless authentication to Windows 10 systems (connected to Azure AD);

Functional Features & Specifications

ThinC-AUTH BioPro (Biometric PIV+FIDO2 Security Key) — Features & Specifications
Category Functionality: Biometric FIDO2 Functionality: Biometric PIV
Make & Model Make: ENSURITY
Model: 'ThinC-AUTH BioPro' Biometric PIV+FIDO2 Security Key
Connectivity • Full-speed USB 2.0 (Type-A) interface
• High-quality, durable, and water-resistant casing
• Strong and compact design for everyday use
• Cost-efficient alternative to expensive readers
• HID interface (requires no driver for any operating system) • Smartcard interface (requires MiniDriver for Windows)
Fingerprint Biometrics • 360° fingerprint touch sensor (with a life over 200,000 times)
• High-definition, fast and accurate fingerprint recognition (<1 sec.; FAR <0.001%; FRR <1%) – accepts live fingerprints and prevents from spoofed biometric authentication, such as latex-captured fingerprint images
• Support for multi-fingerprint registrations (user binding to the Security Key with fingerprints)
• High fingerprint capacity – stores up to five fingerprints
• Fingerprint minutiae templates are encrypted and stored within the secure controller (CC EAL5+ certified) of the device. The templates will never be extracted out of the security key.
Security & Cryptology • CC EAL5+ certified 32bit Crypto RISC processor
• Supported algorithms: ECDSA, SHA256/SHA512, AES256, HMAC
• Cryptographic acceleration: RSA, ECC, ECDH
• Encrypted flash storage for biometric templates
• Dynamic on-chip Encryption/Token Key generation using inbuilt TRNG
• Hardware-based Unique ID
Authentication in compliance • Supports FIDO2 (WebAuthN / CTAP protocols) authentication standards• Passwordless login to Windows 10 Pro R1903+ OS systems (joined to Microsoft Azure AD)
• Supports U2F (Universal 2-Factor) authentication standards
• Passwordless authentication for upto 30 different WebAuthn accounts (Resident Key)
• Two-factor authentication to unlimited WebAuthn accounts (Server Key)
• Compatible with Microsoft Windows, MacOS, and Linux platforms — works with most of the latest version of browsers
• Smart card-based public key infrastructure (PKI) authentication for Windows login, VPN, Web Login, Remote Sessions, as well as data security, digital signature and secure email.
• Two-factor authentication with PIN
• Request a certificate from a Windows Certification Authority, generate a self-signed certificate, or import an existing certificate to the AUTH BioPro Key.
• Generate a certificate based on the Server CA Template stored in the secure element on the device. Supports all Windows smart card behaviors, including lock on removal.
Performance • Authentication to the application is less than 750ms
• Durability tested for more than 20,000 insertion cycles
Environment • Temperature: Storage —20°C to 70°C
• Temperature: Operating —5°C to 55°C

Standards

  • Security Functions: WebAuthn, FIDO2 CTAP1, FIDO2 CTAP2, Universal 2nd Factor (U2F), Smart card (PIV-compatible), OATH – HOTP (Event), OATH – TOTP (Time).

  • Cryptographic Specifications: RSA 2048, RSA 4096 (PGP), ECC p256, ECC p384