The HYPR-Secure biometric server ensures that biometric templates and credentials never leave your users’ devices. Tokens and cryptographic signatures are validated on the server side through a FIDO authentication server.
At registration, the validation server and a trusted device’s embedded biometric sensor jointly establish a secure communication channel to verify that they are communicating only with one another and not with a remote malicious party. The authenticator, e.g. a fingerprint reader, then confirms that the user’s initial registration request has arrived from the HYPR validation server. The outcome of the registration process is a symmetric token seed. This seed token validates a specific account’s authentication requests. Once the seed token has been created, future validation requests occur seamlessly, without the need for user verification to happen as a consequence of a return-trip mechanism.
Following registration of the user’s trusted device with the HYPR biometric cloud, authentication occurs as a request made directly to the sensor. TOTPs are valid for a predetermined duration, often measured in seconds, to help ensure the highest degree of security. HYPR-Secure protocol communications travel along an encrypted channel protected by strong Transport Layer Security (TLS).
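The following is an added example, not HYPR's code: it shows how a server holding the symmetric seed can check a TOTP, reject it once its validity window has passed, and refuse a second use inside the same window. It assumes the standard RFC 6238 construction (HMAC-SHA1, 30-second step, 6 digits), which the page does not specify; the `Verifier` class and the sample seed are hypothetical.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # assumed validity duration; the page only says "often in seconds"
DIGITS = 6         # assumed code length


def totp(seed: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time-step counter, RFC 4226 truncation."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(seed, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server-side check for one account's seed (hypothetical helper)."""

    def __init__(self, seed: bytes, step: int = STEP_SECONDS):
        self.seed = seed
        self.step = step
        self.last_counter = -1  # highest time step already accepted

    def verify(self, candidate: str, now: int) -> bool:
        counter = now // self.step
        if counter <= self.last_counter:
            return False  # code for this window was already used: replay
        expected = totp(self.seed, now, self.step)
        # Constant-time comparison avoids leaking how many digits matched.
        if not hmac.compare_digest(expected.encode(), candidate.encode()):
            return False
        self.last_counter = counter
        return True


if __name__ == "__main__":
    seed = b"12345678901234567890"  # constructed sample seed (RFC 6238 test key)
    server = Verifier(seed)
    code = totp(seed, 59)
    print("fresh code accepted:", server.verify(code, 59))
    print("same code replayed: ", server.verify(code, 59))
    print("code after expiry:  ", Verifier(seed).verify(code, 60))
```

A deployment that tolerates clock drift would also accept the adjacent time step, which widens the window in which an intercepted code remains usable.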