ATKey.card User Guide REVISION: 1.2 Table of Contents Table of Contents ................................................................................................................. 1 Preface ......................................................................................................................... 2 o o ATKey.card ................................................................................................................. 2 Before Start (Enroll Fingerprint, Battery and LED) ........................................................... 3 Main Functionalities: .................................................................................................... 4 ATKey.card for Windows Windows Hello ................................................................................................4 ATKey.card for Mac Mac login .................................................................................................................4 ATKey.card for FIDO U2F ............................................................................................................................4 ATKey.card for FIDO2 .................................................................................................................................4 ATKey.card for NFC reader (Mifare Type A Door locker) ...........................................................................4 Extra Highlights and Troubleshooting ........................................................................................................4 1. Enroll fingerprint into ATKey.card ..................................................................................... 5 i) Enroll from Windows 10 (USB or BLE) ............................................................................ 5 ii) Enroll from Mac (BLE) ................................................................................................ 10 iii) iv) Enroll from iOS (Later schedule) .............................................................................. 14 Enroll from Android (Later schedule) ........................................................................ 14 2. ATKey.card for Windows Hello ........................................................................................ 15 3. ATKey.card for Mac Login .............................................................................................. 17 4. ATKey.card for FIDO U2F ............................................................................................... 18
(USB) FIDO U2F from Windows (Windows 7/8/8.1/10) and Mac OS Chrome browser ...... 18
(Bluetooth) FIDO U2F via iPhone/iPad (iOS) app Smart Lock and Chrome browser ....... 23
(NFC) FIDO U2F via Android phone/tablet Chrome browser ......................................... 25 5. ATKey.card for FIDO2 ................................................................................................... 26 6. ATKey.card for NFC Reader ............................................................................................ 28 Extra Highlights and Trouble Shooting ............................................................................. 29 FCC and NCC statement ................................................................................................ 30 1 Preface o ATKey.card LED#2 (RGB Tri-color) LED#1 (Blue) Power button Fingerprint sensor USB Connector (back side) S/N (Keycode), 8-didits Mifare ID, 8-digits 8 90mAh Li-on rechargeable battery NFC Antenna area 2 o Before Start (Enroll Fingerprint, Battery and LED) 1st MUST item- Enroll your fingerprint into ATKey.card, then it can work for below functionalities. Enroll through Windows app Enroll through Mac app Enroll through Mobile app (we will provide it later) Fingerprint sensor Battery There is a 90mAh Li-on re-chargeable battery (through USB port) Please do battery charge at your 1st time usage o o Insert card into USB port (PC or USB adapter) to start battery charging It will turn LED#1 ON (Blue) power on the card If you cant see the LED#1 is ON, please wait for a while because the Li-On battery protected by PCM, if the battery is low and never charge for a long time, it needs resume time to start the battery charging so, please wait for minutes, LED will tune on to start battery charging o During the charging, LED#2 shows RED flashing; if the LED#2 RED is off, it means full charged. If the card inserts to PC USB port its USB mode, BLE is off If the card inserts to USB power adapter its battery charging mode, BLE is still ON If you find the LED#2 shows slow RED flashing, it means the card is in battery-
low state, please do battery charge immediately. LEDs STATE LED#1 (Blue) LED#2 (tri-color, RGB) Power ON/OFF Blue flashing, Waiting for fingerprint
(touch) then ON Blue flashing Any Touch fingerprint to confirm the pairing from host
(White ON) Fingerprint matching success
(Green ON a second) or Fail (RED ON a second) NFC ON (Green ON for 15 sec) Bluetooth/BLE Battery LED#2: Bluetooth broadcasting
(blue flashing) LED#2: BLE Connected (Blue ON) Low battery (slow RED flashing) Battery charging (RED flashing) 3 Functionalities USB HID Windows Windows Hello Fido U2F (Chrome browser) Fido2 (Windows RS5, edge/Chrome/Firefox) BLE Windows Hello (Windows 10) Mac OS X Fido U2F
(Chrome browser) Fido2
(Chrome/Firefox) Mac Logon
(Password replacement) NFC Main Functionalities:
ATKey.card for Windows Windows Hello ATKey.card for Mac Mac login ATKey.card for FIDO U2F ATKey.card for FIDO2 ATKey.card for NFC reader (Mifare Type A Door locker) Extra Highlights and Troubleshooting iOS Fido U2F
(Chrome browser, Smart Lock app) Android Fido U2F
(Chrome browser, NFC) Connect to https://www.authentrend.com/atkey-card/ for more information. Visit https://fidoalliance.org/ for more FIDO information. or mail to contact@authentrend.com to contact. 4 1. Enroll fingerprint into ATKey.card i) Enroll from Windows 10 (USB or BLE) This will also do Companion with Windows via CDF (Companion Device Framework) for Windows Hello Download app from Microsoft Store Search by keyword (ATKey) or download from https://www.microsoft.com/store/productId/9P7GR8W9SJD3 After installed, find ATKey for Windows icon Before setup ATKey.card, please Enable PIN code for Windows Hello Windows Settings => Accounts => Sign-in Option => Setup PIN Launch ATKey for Windows app 5 Click Add and Register ATKey
(Bluetooth mode) Pick and click the specific ATKey.card to connect: check the 8-digits S/N
(Keycode) on card
(Bluetooth mode: 1/6) pair Windows and ATKey.card Allow from app and also touch Fingerprint on card to confirm the pairing (LED#2 of card is WHITE flashing) 6
(Bluetooth mode: 2/6) enter a name of the card you can have your own name, or just keep the original unique name with S/N (Keycode)
(Bluetooth mode: 3/6) Enroll your fingerprint into card touch and lift by the specific finger base on same angel, but slightly moving fingerprint to enroll wide fingerprint area, it needs around 16 times enrollments. 7
(Bluetooth mode: 4/6) Verify enrolled fingerprint
(Bluetooth mode: 5/6) Register Card as Windows 10 Companion device for Windows Hello 5/6 Verify fingerprint on card, Success, then verify PIN code on Windows 8 5/6
(Bluetooth mode: 6/6) enable Dynamic Lock please ignore this one now (un-check) since it seems Windows 10 may only enable this feature with Smart Phone. Now, your ATKey.card is ready there You can add/delete fingerprints (max. is 10) You can check ATKey.card configurations (firmware version, Battery, Bluetooth information, rename the card) You can remove the card from Windows Now, your ATKey.card is ready with fingerprint and also companioned with this Windows USB is also ready now, since its HID device, no extra driver needs, just insert into USB port, Windows will detect and recognize ATKey.card as a HID device. 9 ii) Enroll from Mac (BLE) o This will also do Companion with Mac via Bluetooth as password replacement o Download app from: https://authentrend.com/download/ATKeyForMac.zip Please make sure your app is v1.1.6 or later versions, or you can upgrade version from Check for updates from app o Install app ATKey for Mac o Please unlock ATKeyforMac.app from Security & Privacy 10 o App is working now, please enable Bluetooth of Mac also o Click Settings to app
(Bluetooth mode) Click Add and Register ATKey
(Bluetooth mode, 1/5) Click the specific ATKey.card by unique S/N (Keycode) on card to pair
(Bluetooth mode, 2/5) Click the specific ATKey.card by unique S/N (Keycode) on card to pair and also have name for the card - default name is base on S/N (Keycode). 11
(Bluetooth mode, 3/5) Enroll your fingerprint into card touch and lift by the specific finger base on same angel, but slightly moving fingerprint to enroll wide fingerprint area, it needs around 16 times enrollments till 100%
(Bluetooth mode: 4/5) Verify enrolled fingerprint
(Bluetooth mode: 5/5) Register as a Companion Device (to unlock/lock Mac) 12 Next to confirm your Mac login password Same as app install, we need your password to authorize it; in addition, we will leverage this password at every login (when fingerprint verify passed!); so if you change your login password, please remember to change it inside app Then, we will guide you to the setting as reminding enable Require password:
immediately from Security & Privacy Settings Paired and Companioned ATKey to your Mac, and the ATKey listed in app 13 Buttons of the ATKey for Mac:
LED: click it, BLUE LED of the ATKey will enable, and flashing for 5 sec. - this is helpful to identify the registered ATKeys if you have a lot of ATKeys there. Fingerprint(s): add (up to 10), delete (delete all), Calibration (re-calibrate fingerprint sensor if you found FRR getting worse or slow response) Configure:
Key information BLE information Rename Re-Companion with Mac: if you change Mac login password, please re-companion and type in new password here. Remove: Remove this ATKey from this Mac iii) Enroll from iOS (Later schedule) iv) Enroll from Android (Later schedule) 14 2. ATKey.card for Windows Hello Windows Hello (Windows 10, USB or BLE) o ATKey can work for multiple Windows if they were companioned; but one Windows can just allow one ATKey. Please check here for the detail to companion ATKey and Windows o Windows Logon (Windows Hello) Message on Windows logon screen When this message comes (LED#1 of ATKey is blue flashing), you can logon via ATKey fingerprint matching;
If the message is not showing, you may need to hit Space bar sometimes to push Windows checks Companion Device to show. Via USB when LED#1 is blue flashing, touch your enrolled fingerprint to verify
(Success: LED#2 is Green) to login ATKey is doing battery charging at the same time:
LED#2 is RED flashing;
LED#2 is off at full charging;
ATKey Bluetooth is off when it is in USB data mode. Via BLE Press Power button of ATKey, it will ON with BLE broadcasting (LED#2 is blue flashing) to all paired devices to connect, ideally it will connect the near one 15 since its base on RSSI; when the ATKey connected to the target Windows (LED#2 is blue ON), then LED#1 is blue flashing, touch your enrolled fingerprint to verify
(Success: LED#2 is Green) to login ATKey will be off automatically if there is no operations or interactions for 60 seconds. 16 3. ATKey.card for Mac Login Companion ATKey.card and Mac o Check here for the detail to enroll fingerprint and also companion ATKey with Mac o Only for warm boot (sleep, hibernate), we cant support login at cold boot (restart, shutdown) Via BLE Press Power button of ATKey, it will ON with BLE broadcasting (LED#2 is blue flashing) to all paired devices to connect, ideally it will connect the near one since its base on RSSI; when the ATKey connected to the target Mac (LED#2 is blue ON), then LED#1 is blue flashing, touch your enrolled fingerprint to verify (Success: LED#2 is Green) to login If your Mac starts from cold boot and Restart, it did not allow ATKey as authenticator to login ATKeyforMac app must be alive ATKey will be off automatically if there is no operations or interactions for 60 seconds. We did not support USB mode to login Mac yet. 17 4. ATKey.card for FIDO U2F Browser base but Chrome only - One Card for Windows, Mac, iOS and Android Here are FIDO U2F ready services:
Or you can search and find available FIDO U2F certified server here:
https://fidoalliance.org/certification/fido-certified-
products/?appSession=8YT7Z25V0DOH6M41OQG26WI22N0F6D5MF9W19F58545OZWKJPBOH5XMB874A6596S8432G491 GGF12B5Y7PIAM6PKR09S5G9Z3Q9T0FLK91C5445079DO1NWZFP8714Q
(USB) FIDO U2F from Windows (Windows 7/8/8.1/10) and Mac OS Chrome browser o Take Google as example:
Login your Google account Enable 2FA from Sign-in & Security Turn 2-step Verification ON Following Google steps 18 login again by ID/Password o o Add your mobile phone in and select Text message Type-in received SMS code to confirm to turn on 2-step verification o Page down to find Security Key and ADD SECURITY KEY o 19 o Prepare the ATKey insert ATKey.card to USB port, click NEXT to register the key o Register ATKey here 20 LED#1 of ATKey.card is flashing, touch by your registered finger, when Green LED is ON, it means fingerprint verified and register this ATKey to Google U2F server; if Red LED is on, it means fingerprint failed, wait and verify again o Register ATKey done, type-in the name of the key (you can use the name of your ATKey, or any Nick name you can remember which key is) Then you can see the registered ATKey shows there:
o 21 o You can re-login the google account, ID/Password first, then it will request 2nd factor LED#1 is blue flashing, touch to verify your fingerprint to login For other U2F enabled service:
o Dropbox: https://www.dropbox.com/help/security/enable-two-step-verification Facebook: https://www.facebook.com/notes/facebook-security/security-key-for-
safer-logins-with-a-touch/10154125089265766/
Github: https://help.github.com/articles/configuring-two-factor-authentication-
via-fido-u2f/
Salesforce:
https://help.salesforce.com/articleView?id=security_u2f_enable.htm&type=5 22
(Bluetooth) FIDO U2F via iPhone/iPad (iOS) app Smart Lock and Chrome browser o Smart Lock (download from app store) Add your Google account in Pair your Security Key (ATKey) Pair ATKey.card and iPhone o o ATKey.card: LED#2 is WHITE ON, touch fingerprint to confirm the pairing iPhone: click Pair to continue when its done, showing the google account in Smart Lock as below screenshots 23 o Chrome Browser login your google account by U2F Login by ID/Password first, then need to power on ATKey.card , to verify fingerprint to login Power on ATKey.card now, they will connect (LED#2 is blue ON) to request fingerprint verification
(LED#1 is flashing) 24
(NFC) FIDO U2F via Android phone/tablet Chrome browser o Sign in Google account via Chrome browser ID/Password first Request Security Key and turn on NFC Authenticate via ATKey through NFC Power on ATKey.card LED#1 is flashing, just touch fingerprint to verify to enable NFC (for 15 sec.) ATKey.card contacts Android Phone
(back side) to send U2F token via NFC
(JavaApplet) to Phone to server for authentication 25 5. ATKey.card for FIDO2 Please check https://fidoalliance.org/fido2/ for more ideas about FIDO2 ATKey.card is FIDO2 certified Link of the certified products:
(https://fidoalliance.org/certification/fido-
certified-
products/?appSession=276TI9VOA93161HHG NKF95CK9973MQT6H7HW96L3C707U348CS8 TDF7GLM6YZ3TT333P4XNQ4G35ZOXO66JV1 6382X3H96SC91X20J5U4929JH452SNN6BW9 8QKD2L1B) Browser base (WebAUTHN Edge, Chrome) for Windows and Mac via USB only o Windows 10 RS5, Edge browser must be v44.17738.1000.0 or later version o Chrome Canary browser v70.0.3528.0 or later version; and please follow below screenshot to enable flags. 26 o FIDO2 server Please check below certified FIDO2 server to try with ATKey.card (USB only) https://fidoalliance.org/certification/fido-certified-
products/?appSession=735HXT4BHP6S5B453PCZH40LZB8J07Y1PJH7C6Z5PNHR57GTRVEV492OWX3E8R YS335G6IU935S92W99707J73Q1KS1385CC6Y2AY15T5197JR1K5C212T703WTBY31Z 27 6. ATKey.card for NFC Reader ATKey.card is a NFC tag type for ISO14443 & Mifare Type A NFC reader o Mifare ID is resident and unique ID inside SE/NFC chip o For NFC door locker If there is a Mifare ID table in the backend of NFC card reader (Door NFC reader), just need to copy Mifare ID of those specific cards Or register ATKey.card to Mifare Type A NFC door locker 28 Extra Highlights and Trouble Shooting Pending mechanism for security Security level is high: Fingerprint FAR < 1/50000, FRR < 2%
For even higher security, we support lock mechanism to avoid trying by fake fingerprint continuously Allow 5 times fingerprint verifications, if it fails 5 times continuously:
1st time: lock card for 1 hour 2nd time or later: lock card for 12 hours Battery From factory finish good, it is 3.8V (~50%) Battery low is 3.67V (~35%), please do battery charge If the battery is lower than 3.4V, ATKey.card can not boot You need doing battery charge for a while (ATKey.card is no response at beginning), then ATKey.card can boot again If the battery is lower than 3.0V, battery protects by Hardware (PCM) You need doing battery charge for a while (no response from ATKey.card for a while). Bluetooth We are BLE mode (Bluetooth smart), its low power consumption (comparing with Bluetooth mode) ATKey.card is USB data mode (insert PC or ..), we will stop BLE mode; but if ATKey.card is USB battery charging (using USB power adapter), BLE is still ON. Demo Video https://youtu.be/zfGS9shUiMs (Setup ATKey.card) https://youtu.be/3budV7ji250 (ATKey.card for NFC door, PC) https://youtu.be/MAomJowMuzc (ATKey.card for Mac) https://youtu.be/fiAaX7PsNvk (ATKey.card for FIDO U2F: PC) https://youtu.be/IzewBCCXyvA (ATKey.card for FIDO U2F: Android) https://youtu.be/6SwYWws07IA (ATKey.card for NFC door) 29 FCC and NCC statement 30