AuthenTrend ATKey.Card User manual

| Table of Contents
•About ATKey.Card
•Outlook
•Highlights
•3 Steps Quick Start
•USB
•BLE
•NFC
•LED
•Fingerprint enrollment
•APP – ATKey for Windows
•APP – ATKey for Mac
•Windows Hello
•Mac Companion
•FIDO2: Azure AD
•FIDO2: Microsoft account
•FIDO U2F
•NFC Access Control
•Regulations

| About ATKey.Card
•USB HID + BLE + NFC device, no driver needed
•Portable key for any Windows, Mac or Chromebook
•Up to 8x fingerprints, matching < 1 sec., FAR < 1/50,000, FRR < 2 %
•FIDO2 certificate

| Outlook
•Each key has its own unique keycode
•It is equal to the serial number
•Check the keycode for production records, customer service and also warranty
Parts shown in the figure:
•LED#1 (Blue)
•LED#2 (RGB Tri-color)
•Fingerprint sensor
•Power button
•Keycode
•Mifare ID, 8-digits
•90mAh Li-ion rechargeable battery
•NFC Antenna area
•USB Connector (back side)

| Highlights
Before you start:
•Please charge the battery before you use the card: insert the card into a USB port or any USB power adaptor
•If ATKey.card is connected to a USB port but nothing happens (no LED ON), please wait for a while; there is a protection circuit that makes sure the battery voltage is not lower than 3.0V
•USB port of PC: USB mode, ATKey.card can work as a USB key
•USB power adaptor: BLE mode, ATKey.card can work as a BLE key
•ATKey.card powers OFF automatically if it is idle for 60 seconds (no operations, not inserted into a USB port, no BLE device connected)
•NFC is off by default; only after a fingerprint match is NFC turned ON, for 15 seconds (and only when not in USB mode and not in BLE mode)
Firmware and JavaApplet:
•Recommended firmware version: 3.00.21.37 or later
•You can upgrade the firmware/JavaApplet through the ATKey app
* The JavaApplet needs to be in sync with the firmware version; 2.0.1 is recommended

| 3 Steps Quick Start
Step 1: Enroll fingerprint to ATKey
•By standalone enrollment (patent filing): https://youtu.be/BdF_1jbowXw
•Or through the “ATKey for Windows” app
•Or through Windows Settings (build 1903 or later builds) via USB or BLE (do BLE pairing with Windows first)
•Or through the Chrome Canary browser (version 81.0.3991.0 or later version)
Step 2: Register ATKey to device or service
•Windows Hello (option): Windows logon (via CDF)
•FIDO U2F: log in to Google, Facebook, Dropbox, Salesforce, Gitlab via Chrome browser as 2nd factor
•FIDO2: add ATKey to Azure AD as security key, or add ATKey to MSFT account as security key; passwordless login to Microsoft account or other FIDO2 authentication via browsers on Windows, Mac and Chromebook; Azure AD passwordless logon
•OTP (option): 2FA via OTP
* If your Windows joined Azure AD, don’t enable this one
* This is only for customization projects or customers
Step 3: Fingerprint matching for authentication
You can find FIDO security key readiness services from here:
https://www.dongleauth.info/

| USB
•USB 2.0 Type A
•USB HID device
•USB for data and also battery charging
•Pull the USB connector out from the back side and insert it into a USB port
•If ATKey.card is connected to a USB port but nothing happens (no LED ON), please wait for a while; there is a protection circuit that makes sure the battery voltage is not lower than 3.0V
•If it’s the USB port of a PC: USB mode, ATKey.card can work as a USB key
•If it’s a USB power adaptor: BLE mode, ATKey.card can work as a BLE key
What we can do through USB:
•Add/Delete fingerprint
  •through ATKey for Windows
  •through Windows Settings
•Firmware version and upgrade
  •through ATKey for Windows
•FIDO2
  •USB security key for Windows, Mac and Chromebook via Edge, Chrome, Firefox browsers
  •Azure AD Passwordless login
•FIDO U2F
  •USB security key for Chrome browser for Windows, Mac and Chromebook
•Windows Hello
•Battery charge
•OTP (options)
LED indicator in USB mode:
•LED#1 ON, LED#2 OFF: USB mode, battery is 100% charged
•LED#1 ON, LED#2 flashing: Battery charging
•flashing: Wait for fingerprint verification
•LED#1 OFF, LED#2 OFF: Battery voltage is lower than 3.0V; please wait for a while for the battery to charge, until LED#2 shows yellow flashing

| BLE - Bluetooth low energy
•BT 4.2 BLE mode
•First step: pair the target device with ATKey.Card
What we can do through BLE:
•Add/Delete fingerprint
  •through ATKey for Windows
  •through ATKey for Mac
  •through Windows Settings
•Firmware version and upgrade
  •through ATKey for Windows
  •through ATKey for Mac
•FIDO2
  •BLE security key for Windows, Mac and Chromebook via Edge, Chrome, Firefox browsers
  •Azure AD Passwordless login
•FIDO U2F
  •BLE security key for Chrome browser for Windows, Mac, Chromebook, Android, iOS (requires the Smart Lock app)
•Windows Hello via BLE
•Mac login via BLE
LED indicator in BLE mode:
•LED#1 ON, LED#2 flashing: BLE broadcasting
•LED#1 ON, LED#2 ON: BLE connected to device
•LED#1 flashing, LED#2 ON: BLE connected and waiting for fingerprint verification
•LED#1 ON, LED#2 flashing: BLE secure pairing mode
•LED#1 ON, LED#2 flashing: Touch fingerprint sensor to confirm the pairing
•LED#1 ON, LED#2 slow flashing: Battery low – please charge the battery via USB
BLE pairing:
•Device (Windows, Mac, Chromebook, iOS, Android) or app is ready for pairing
•Power on ATKey.card
•Double-click the power button to enter secure pairing mode (LED#2)
•Scan and find the specific card; check the keycode to identify the card
•Select it to pair
•Touch the fingerprint sensor to confirm the pairing (LED#2)

| NFC
•Works with ISO 14443 Mifare Type A (for 13.56MHz NFC reader)
  •USB/BLE NFC card reader
  •Android Phone
  •NFC access control
  •NFC door locker
•NFC is off by default; it is only turned on after fingerprint matching, for 15 seconds
•8-digits unique Mifare ID
•App is running on JavaApplet
What we can do through NFC:
•FIDO2 (via JavaApplet) – by demands
  •NFC security key for Windows, Mac and Chromebook via Edge, Chrome, Firefox browsers
  •Azure AD Passwordless login
•FIDO U2F (via JavaApplet)
  •NFC security key for Chrome browser for Windows, Mac, Chromebook and Android
•NFC access control or door locker (via MiFare ID)
  •Power on ATKey.card and verify your fingerprint to turn NFC ON; then it works the same as a normal NFC card, touch it to the reader or hold it near the reader to unlock; NFC is ON for 15 seconds
  •But if ATKey.card is in USB mode or BLE connected mode, NFC won’t be enabled
LED indicator in NFC mode:
•LED#1 flashing, LED#2 flashing: Verify fingerprint to enable NFC
•LED#1 ON, LED#2 ON: NFC is ON
Note:
At power ON, BLE starts broadcasting. If a fingerprint is verified before BLE is connected, NFC will be ON for 15 sec.; but if BLE is connected, fingerprint matching is for BLE. If your host is a PC (Windows, Mac or Chromebook), we recommend not pairing BLE and using NFC only, to avoid BLE/NFC conflicts on the card.

| OS vs. Interface vs. Functionalities
Interface columns: BLE, USB, NFC
Enroll fingerprint: √ √
Azure AD logon (FIDO2): √ √ by demands
Windows 10 build 1903 or later version: √ √ √
•FIDO2 (Edge, Chrome, Firefox)
•U2F (Chrome)
Windows 10 build 1809 …: √
•FIDO2 (Edge, Chrome, Firefox)
•U2F (Chrome)
Windows logon via Windows Hello (CDF): √ √
Android: √
•FIDO2 (Chrome browser on Android)
•U2F (Chrome browser on Android)
iOS: √
•U2F (Chrome browser on iOS via Smart Lock)
Mac OS X logon: √
Mac OS FIDO2 and U2F via Chrome browser: √ √ √
Chromebook FIDO2 and U2F via Chrome browser: √ √ √
NFC door locker (Mifare type A): √
•For FIDO2, FIDO U2F or Windows Hello, you only need to register through one interface (USB or BLE); you can then use the card via any interface (USB, BLE, NFC) for authentication

| LED
LED#1 LED#2
ON ON
•ATKey.card is locked (due to 5 consecutive fingerprint mismatches).
•Please wait for 1 hour (1st time) or 12 hours (from 2nd time) to unlock
ON ON
•Normally this is a BLE issue (BLE connected, fingerprint verified, but still waiting for a response from the Host)
•Please reboot the card (long-press the power button to power off, then click the power button to power ON)
- Slow flashing
•Battery low, please charge the battery via USB
flashing (waiting for fingerprint matching)
ON for 1 sec.
ON for 1 sec.
•Fingerprint matching failed
•Fingerprint matched, and NFC is ON (if it’s not in USB or BLE connected)
ON flashing
•Request to confirm the BLE pairing
•Touch fingerprint sensor to confirm the pairing
•If this happens in “standalone mode” (click power button 3 times), please enroll your fingerprint (there is no fingerprint template inside the card)
ON flashing
•If this happens in “standalone mode” (click power button 3 times), please do fingerprint matching first (a fingerprint is already enrolled in the card), then you can start to enroll a new fingerprint
ON flashing
OFF
•Battery charging
•Battery charge full, stop charging
OFF OFF
•(power on but no LED ON) very low battery, please charge the battery and wait till an LED is ON
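The NFC gating rule from the NFC page and the lockout rule in the LED table, combined in a small timing model that replays a constructed sequence of touches and connections. This is an added example, not AuthenTrend code: `CardModel`, `touch`, `nfc_enabled` and `replay` are hypothetical names, and it assumes that a successful match clears the mismatch count and that the lock count is never cleared.

```python
from dataclasses import dataclass

NFC_WINDOW_S = 15            # manual: NFC is ON for 15 seconds after a match
MAX_MISMATCHES = 5           # manual: 5 consecutive mismatches lock the card
LOCK_S = (3600, 12 * 3600)   # manual: 1 hour the 1st time, 12 hours from the 2nd

@dataclass
class CardModel:             # hypothetical model, not AuthenTrend firmware
    usb_mode: bool = False       # plugged into a PC USB port
    ble_connected: bool = False  # a BLE host is connected
    mismatches: int = 0
    locks: int = 0
    locked_until: float = 0.0
    nfc_until: float = 0.0

    def touch(self, now, matched):
        """Handle one fingerprint touch at time `now` (seconds); return the outcome."""
        if now < self.locked_until:
            return "locked"
        if not matched:
            self.mismatches += 1
            if self.mismatches < MAX_MISMATCHES:
                return "mismatch"
            self.locked_until = now + LOCK_S[min(self.locks, 1)]
            self.mismatches, self.locks = 0, self.locks + 1  # assumption: locks never clears
            return "locked"
        self.mismatches = 0      # assumption: a match clears the consecutive count
        if self.usb_mode or self.ble_connected:
            return "verified-for-host"   # the match serves USB/BLE; NFC stays OFF
        self.nfc_until = now + NFC_WINDOW_S
        return "nfc-on"

    def nfc_enabled(self, now):
        return now < self.nfc_until and not (self.usb_mode or self.ble_connected)

def replay(events):
    """Replay (time, kind, value) events; return (time, outcome, nfc_on) per touch."""
    card, log = CardModel(), []
    for now, kind, value in events:
        if kind == "touch":
            log.append((now, card.touch(now, value), card.nfc_enabled(now)))
        else:  # "usb" or "ble": value is the new connection state
            setattr(card, "usb_mode" if kind == "usb" else "ble_connected", value)
    return log

# Constructed timeline: NFC use, a BLE host connecting, then five mismatches in a row.
SAMPLE_EVENTS = ([(0, "touch", True), (20, "ble", True), (21, "touch", True),
                  (30, "ble", False)] + [(40 + i, "touch", False) for i in range(5)]
                 + [(3643, "touch", True), (3644, "touch", True)])
```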

| Step1: Fingerprint Enrollment (up to 8x fingerprints)
Standalone enrollment
•Power on ATKey.Card
•Check the YouTube video here for details: https://youtu.be/BdF_1jbowXw
•When LED#1 is BLUE ON, quickly click the power button 3 times to go into enrollment mode:
  •If no fingerprint is enrolled, LED#2 turns WHITE
  •If there are enrolled fingerprints, LED#2 is GREEN flashing; please verify an enrolled fingerprint to start enrolling a new finger
•Put your specific finger on the sensor and touch the fingerprint sensor in slow circles (LED is WHITE flashing, from slow to faster) until the LED shows GREEN; then your fingerprint is enrolled
•If you want to quit standalone enrollment, click the power button once; the LED will turn Blue, back to normal state.
Enroll from Windows Settings
•If your OS is Windows 10 build 1903 or later, you can manage ATKey as a security key through Windows Settings
•(BLE) Pair ATKey with your Windows first
  •Through Windows Settings => Device => Add Bluetooth or other device
  •Add a device - Bluetooth
  •Power on ATKey, double-click the power button to enter BLE secure pairing mode (LED#2 is cyan flashing); you will then see the ATKey.card listed (ATKey.card-keycode)
  •Click the target ATKey.card, click “Connect” in the UI and touch the fingerprint sensor (LED#2 is white flashing) to confirm the pairing
  •Then ATKey is paired, with battery indicator (OS 1903 build or later version)
•Or you can skip BLE pairing and just use USB for fingerprint enrollment
•Go to the “Windows Settings (OS build is 1903 or later version) – Enroll fingerprint” page for details

| Step1: Fingerprint Enrollment (up to 8x fingerprints)
Enroll from ATKey for Windows app
•Download the “ATKey for Windows” app from Windows Store to manage ATKey:
  •Enroll fingerprint
  •Add/delete fingerprint
  •ATKey information
  •Companion ATKey to Windows (Windows Hello login)
  •Firmware upgrade
•Search “ATKey” or “AuthenTrend” in Windows Store to find the app, then download and install it
•Jump to “ATKey for Windows” for details
Enroll from ATKey for Mac app
•Download the “ATKey for Mac” app from https://authentrend.com/download/ATKeyForMac.zip to manage ATKey:
  •BLE mode only
  •Enroll fingerprint
  •Add/delete fingerprint
  •ATKey information
  •Companion ATKey to Mac (Mac login, password replacement)
  •Firmware upgrade
•Jump to “ATKey for Mac” for details

| Step1: Windows Settings (OS build is 1903 or later version)
•Windows Settings => Account => Sign-in options => Security Key => add “PIN code” and enroll “Fingerprints”
•It works for both USB and BLE interfaces (for BLE, please double-click the power button to enter BLE pairing mode and pair with Windows)
•Click “Manage”, touch the fingerprint sensor to set up
•Add “Security Key PIN” first; this PIN code will be written into ATKey.Pro
•Set up “Security Key Fingerprint”
•Type in the PIN code and follow the on-screen hints to enroll the fingerprint, until “All Set!”

| Windows Settings (OS build is 1903 or later version) – Reset Key
•Windows Settings => Account => Sign-in options => Security Key => Reset Security key (deletes the PIN code and erases all fingerprints)
•Touch the fingerprint sensor to confirm the reset; the reset does not verify an enrolled fingerprint, this is designed for IT Administrators
•Power on ATKey.card and do the “reset” within 10 seconds (after card booting); this is a Microsoft rule
Microsoft required spec. for authenticator reset: in order to prevent accidental trigger of this mechanism, user presence is required. In case of authenticators with no display, request MUST have come to the authenticator within 10 seconds of powering up of the authenticator.

| Step1: App “ATKey for Windows” – Enroll fingerprint
•Launch the “ATKey for Windows” app (version 2.0.55.0 or later version)
•Click “Add and Register ATKey”; please make sure ATKey is ON (LED#1 blue ON, LED#2 blue flashing)
•Double-click the power button to enter secure pairing mode (LED#2 is cyan flashing)
•LED#2 is WHITE flashing: touch the fingerprint sensor to confirm the pairing, and also click “Yes” in the UI
•Circle enroll your fingerprint
•Verify the enrolled fingerprint to confirm
•ATKey.Pro fingerprint is enrolled and registered for management by the app
•Default name is: ATKey.card + Keycode

| App “ATKey for Windows” – Key Management
•ATKey management – information, rename, firmware upgrade
•“Check for Update”
•Select encrypted firmware image to upgrade manually
•Please wait until 100% done, power off ATKey.Card, then power it on again; LED#2 starts WHITE flashing for a few seconds, then goes back to Blue flashing, which means the firmware is upgraded.
•Read firmware version here
•Read “keycode” here

| Step1: App “ATKey for Mac” – Enroll fingerprint
•If ATKey is only for services (FIDO2, U2F, OTP, …), you can just enroll your fingerprint via standalone enrollment, then use USB or BLE (do pairing first) directly; no need to download the app here.
•Download the app from: https://authentrend.com/download/ATKeyForMac.zip
•Please make sure your app is v1.2.5 or a later version, or upgrade it through “Check for updates” in the app (this updates the app, not ATKey)
•Install the app “ATKey for Mac”
•Please unlock “ATKeyforMac.app” from Security & Privacy
•The app is working now; please also enable Bluetooth on the Mac
•Add ATKey – pairing to Mac (BLE only)
  •Double-click the power button to enter secure BLE pairing mode (LED#2 is cyan)
  •Touch the fingerprint sensor to confirm pairing (LED#2 is WHITE)

| Step1: App “ATKey for Mac” – Enroll fingerprint
•Circle enroll your fingerprint into card until 100%
•Verify enrolled fingerprint

| App “ATKey for Windows” – Windows Hello
•ATKey management – Companion with Windows (Windows Hello login via CDF)
•If your Windows 10 joined Azure AD, please ignore this page: FIDO2 is ready for Azure AD login, and it may conflict with Windows Hello
•Type in “Windows Hello PIN” to allow the companion
•Some corporations or organizations may have this group policy disabled by the IT Admin; if you see the message, please contact your IT.
•This icon means it’s a companion key for Windows Hello via CDF (Companion Device Framework)
Guidelines for Windows Hello:
•Windows Unlock with Windows Hello companion devices
•How to Enable or Disable users to use Companion device to sign in to Windows 10
•Enable or disable Domain users to sign in with PIN to Windows 10