Ambimat GroupAmbimatAmbiSecureSIMAuthAmbiAutomationEngineering BlogAhmedabad · India · Est. 1982
ASAmbiSecureHardware-rooted security
Contact
Biometric Security Key

AmbiSecure BioKey

A USB security key with an on-device fingerprint sensor. Match-on-device user verification, FIDO2 phishing-resistance, and the form factor administrators already know. For legacy services that still need OTP codes, the BioKey On-Device TOTP extension adds hardware-sealed, fingerprint-gated TOTP on the same key.

FIDO2BiometricUSB-A / USB-CNFC option
Request datasheet Compare to OnePass USB Key
AmbiSecure BioKey biometric security device
Why BioKey

When the security key needs an inherence factor.

Match-on-device

Fingerprint template stays inside the key. The host operating system never sees biometric data.

Two factors in one

Possession (the key) and inherence (the fingerprint) on a single device. AAL3-eligible architecture.

PIN-free

Replaces the keyboard PIN with the on-device sensor. No shoulder-surfing, no shared keyboard surface.

Phishing-resistant

FIDO2 origin binding still applies. The biometric is the user verification factor for WebAuthn.

Universal Windows / macOS / Linux

Standard CTAP2 transport. Works wherever a FIDO2 authenticator works.

Durable

Solid-state sensor. No battery. Thousands of authentications without service.

Specifications

What is in the key.

Form factorUSB-A or USB-C variant; ~39 × 12 mm; capacitive fingerprint sensor
InterfacesUSB-HID; ISO/IEC 14443 Type A (NFC) optional variant
ProtocolsFIDO2 (CTAP2.1) with internal user verification; FIDO U2F
BiometricOn-device capture, on-device storage, on-device match. ISO/IEC 19794-2 minutiae template
CryptographyECC P-256, ECC P-384 (optional), SHA-256, SHA-384
Resident credentialsUp to 25 discoverable credentials
Operating systemJavaCard 3.x with GlobalPlatform 2.3.1
Certification targetFIDO Certified L1 (target); FIDO Biometric Component certification path; CC EAL6+ chip
MOQPilot batches from 50 units; production from 500 units
Connected reading

Where this fits in the bigger picture.

Extension: On-Device TOTP

Hardware-sealed OTP for legacy MFA — FIDO2 and TOTP on one key.

View extension →

Product: OnePass USB Key

The non-biometric tier of our USB security key range.

View product →

Solution: Workforce Identity

Where BioKey fits in the AAL3 enterprise rollout pattern.

View solution →

Technology: WebAuthn

How user verification flows through WebAuthn to the authenticator.

View technology →

Blog: AmbiSecure products & CRA readiness

How BioKey’s secure user authentication supports a CRA-aligned product-security architecture.

Read article →

Standardising on a biometric security key?

Tell us your AAL target, host platforms, and volume. We can usually ship a pilot batch within 6–8 weeks.

Request a pilot