AmbiSecure BioKey
A USB security key with an on-device fingerprint sensor. Match-on-device user verification, FIDO2 phishing-resistance, and the form factor administrators already know.
When the security key needs an inherence factor.
Match-on-device
Fingerprint template stays inside the key. The host operating system never sees biometric data.
Two factors in one
Possession (the key) and inherence (the fingerprint) on a single device. AAL3-eligible architecture.
PIN-free
Replaces the keyboard PIN with the on-device sensor. No shoulder-surfing, no shared keyboard surface.
Phishing-resistant
FIDO2 origin binding still applies. The biometric is the user verification factor for WebAuthn.
Universal Windows / macOS / Linux
Standard CTAP2 transport. Works wherever a FIDO2 authenticator works.
Durable
Solid-state sensor. No battery. Thousands of authentications without service.
What is in the key.
| Form factor | USB-A or USB-C variant; ~39 × 12 mm; capacitive fingerprint sensor |
|---|---|
| Interfaces | USB-HID; ISO/IEC 14443 Type A (NFC) optional variant |
| Protocols | FIDO2 (CTAP2.1) with internal user verification; FIDO U2F |
| Biometric | On-device capture, on-device storage, on-device match. ISO/IEC 19794-2 minutiae template |
| Cryptography | ECC P-256, ECC P-384 (optional), SHA-256, SHA-384 |
| Resident credentials | Up to 25 discoverable credentials |
| Operating system | JavaCard 3.x with GlobalPlatform 2.3.1 |
| Certification target | FIDO Certified L1 (target); FIDO Biometric Component certification path; CC EAL5+ chip |
| MOQ | Pilot batches from 50 units; production from 500 units |
Where this fits in the bigger picture.
Standardising on a biometric security key?
Tell us your AAL target, host platforms, and volume. We can usually ship a pilot batch within 6–8 weeks.