HYPR is compatible with all devices and a number of leading biometric authentication modalities including fingerprint, voice, face, retina, iris, and behavioral biometrics. Choose from any of our supported on-device authenticators:
The HYPR platform is device-agnostic and supports desktop and mobile operating systems including iOS, Android, Windows, OS X and Linux.
The keys used to generate Biometric TOTP tokens never leave the device. The keys are generated using a True Random Number Generator (TRNG) at provisioning time. The keys are not pre-generated by HYPR, are not modifiable on the device and cannot be retrieved from the device.
Yes, the fingerprint is verified on the HYPR-3 Token via advanced fingerprint matching protocols. The 3-D swipe sensor utilized by the device authenticates the fingerprint directly on the device. The user’s fingerprint data never leaves the microprocessor.
The HYPR-3 token communicates securely over Bluetooth Low Energy (BLE). Contact our enterprise support team to discuss customization needs such as NFC (Near-field Communication).
The TOTP is generated by the HYPR-3 Token device and is verified by an API server. The HYPR validation server can be deployed on premise or on the HYPR-Secure biometric cloud.
All information leaving the HYPR device is signed on the device before being transmitted over Bluetooth. If malicious actors intercepted the traffic, they could not read or modify its contents. In addition, the HYPR-3 biometric OTP implements channel binding protocols to mitigate MITM vectors. To learn more about these protocols, request an evaluation.
The HYPR device performs authentication via UAF and Biometric TOTP (See RFC 6238). Each HYPR device contains a TRNG-based secret that is used to generate a TOTP token. When a user swipes their finger and successfully authenticates their biometric signature on the device, the TOTP token generated is then encrypted and transmitted to the device requesting authentication – such as a user’s mobile device or desktop computer. The intermediary device then forwards the encrypted TOTP to a server where the signature and TOTP are verified. If the verification is successful, access is granted. Here’s a diagram of the biometric validation server.
The HYPR token uses RFC 6238 for TOTP. Our secret generation satisfies FIPS 140-2 section 4.9.1 with cryptographically strong sequences specified in RFC 1750. Signing algorithms supported are RSA (minimum of 2048-bit keys) and ECDSA (256-bit keys). See FIPS 186-3.
The HYPR-3 Token can generate custom X509 certificates as well as import custom certificates for signing messages when needed. All communication with the device is done over a PKI signature verification scheme. To discuss custom certificates with our developers, contact us directly.
The HYPR-3 Token operates on 2 small replaceable coin cell batteries. The expected lifetime with normal use volume (5 authentications per day) is a minimum of 2 years. When there is a power failure, keys are not destroyed and the battery can easily be replaced.
The time source is built into the HYPR-3 device and is based on Unix time.
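The RFC 6238 computation and the server-side check described above can be sketched as follows. This is an added example, not HYPR's code: the signing and encryption layer is omitted, and the one-step drift window and the single-use rule are assumptions taken from RFC 6238's recommendations for validators, not from HYPR's server.

```python
import hashlib
import hmac
import struct

STEP = 30      # RFC 6238 default time step X, in seconds
DIGITS = 8     # digit count used by the RFC 6238 Appendix B vectors


def totp(secret: bytes, unix_time: int, digest=hashlib.sha1) -> str:
    """Compute the RFC 6238 TOTP for one Unix timestamp."""
    counter = struct.pack(">Q", unix_time // STEP)      # T = floor(time / X)
    mac = hmac.new(secret, counter, digest).digest()
    offset = mac[-1] & 0x0F                              # RFC 4226 dynamic truncation
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server-side check: tolerate clock drift, accept each time step once."""

    def __init__(self, secret: bytes, window: int = 1):
        self.secret = secret
        self.window = window      # assumed: steps accepted either side of server time
        self.last_step = -1       # highest time step already accepted

    def verify(self, candidate: str, server_time: int) -> bool:
        current = server_time // STEP
        for step in range(current - self.window, current + self.window + 1):
            if step <= self.last_step:
                continue          # reject replay of an already-used step
            expected = totp(self.secret, step * STEP)
            # constant-time comparison of the two codes
            if hmac.compare_digest(expected.encode(), candidate.encode()):
                self.last_step = step
                return True
        return False


# Constructed demo input: the SHA-1 test secret from RFC 6238 Appendix B.
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    v = Verifier(RFC_SECRET)
    otp = totp(RFC_SECRET, 59)
    # First submission is accepted, the replayed one is not.
    print(otp, v.verify(otp, 59), v.verify(otp, 59))
```

A token clock that has drifted by more than `window` steps fails verification until it is resynchronized, which is why the window is a tunable parameter here.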
RFC 6238 does not have specifications for digital signatures. The TOTP is generated on the HYPR-3 Token and is then encrypted with a key that is stored on the device at the time of provisioning.
The hardware microprocessor embedded in the HYPR-3 Token contains a powerful True Random Number Generator (TRNG) that generates random numbers following the recommendations in RFC 1750.
We encourage our customers to deploy the HYPR-1 suite and make use of the numerous biometric mobile devices available for BYOD biometrics. Certain organizations across the enterprise, banking, healthcare, and law enforcement sectors enforce strict regulatory guidelines that prevent the use of consumer devices for authentication. These institutions require specialized tamper-proof security tokens, for which we provide the HYPR-3 biometric token. The device gives relying parties a low-cost and easy solution for deploying biometric authentication while maintaining the necessary levels of compliance.
The seed token that the HYPR-3 device utilizes for authentication is generated internally via a True Random Number Generator (TRNG) on the device and a NIST-approved PRNG. HYPR Corp does not have access to seed tokens, nor are we capable of modifying or deploying HYPR Tokens with modified seeding protocols.
The seed token is generated by users at inception when they are prompted to swipe their fingerprint five times to register. The seed token is generated via a TRNG located within the HYPR-3 Token’s tamper-proof casing.