Biometric Credential FAQ: Common Questions Answered
Explore the answers to the most frequently asked questions about biometric credentials in this informative guide.
Among several differentiators, the SentryCard’s antennas are undiscoverable until an on-card biometric authentication takes place. Once a user biometrically authenticates to the credential, the microprocessor validates the match and makes the antennas discoverable again during the transaction, whether opening a door or logging into a computer.
No, there’s no need for rip and replace. The SentryCard is completely open-architected, meaning that it is compatible with all leading access control systems, door readers, and readily connects to the Active Directory via commonly used software (Microsoft, OKTA, PingID, VeridiumID, Windows Hello, Google, Citrix, Azure, etc.) Sentry maintains an “agnostic” approach to access control and has the ability to integrate (or embed) any of HID’s technologies (Prox, iClass, iClassSE and SEOS) as well as the entire NXP MiFARE suite (MiFARE Classic, DesFIRE EV1 and DesFIRE EV2), allowing it to work with any existing readers.
Please also reference the Enrollment videos in the Resources Section of the website. A user’s fingerprints are enrolled directly onto the SentryCard itself and never need to pass-thru or be stored on a database of server. This is critical in the on-going compliance requirements of GDPR (General Data Protection Rights), the CCPA (California Consumer Protection Act) and the growing number of BIPAs (Biometric Information Protection Acts).
SentryCards are designed with firmware allowing the enrollment of two (2) fingers. The two fingers need to be enrolled concurrently.
No, any two fingers can be selected, a thumb from each hand is recommended.
Generally, less than 30-seconds to load two different fingers.
No, once the biometrics have been enrolled onto the SentryCard they are irreversible and no longer able to be changed.
(either due to ethnicity or being worn-out) don’t work well with readers?
SentryCard utilizes a capacitive fingerprint sensor produced by Fingerprint Cards, a Swedish manufacture that has deployed a billion+ sensors. The SentryCard uses a large sensor array (160 X 160 pixels) with 508 DPI resolution, enabling the most robust matching capability in the market. There will always be exceptions, but the capacitive technology within the SentryCard has proven to overcome the otherwise most common matching issues.
The FAR is 1 in 50,000. That said, consider that the biometric within the SentryCard is decentralized, meaning that 50,000 unique people would have to be in possession of the credential to attempt a false acceptance. Compare that scenario again current solutions, where there could be hundreds of thousands of user biometrics in a database that one user’s biometric could be matched with.
Yes. Because a SentryCard will work with your existing infrastructure, you can integrate the use of Sentry while phasing out your existing/older ID populations.
There are numerous reasons, starting with the understanding that a phone, although a convenient answer, is not a secure answer. 1) In the vast-majority of cases, phones are owned by the user and not the enterprise; 2) The user controls the loading of biometrics on the device; 3) Multiple biometrics can be loaded/changed on the device by the user; 4) Phones still utilize a back-door PIN code for access that can be shared/stolen; 5) Phones are always connected (Wi-Fi or Cellular) and thereby discoverable by bad actors; 6) Phones have innumerable other applications within them, allowing malware and back-door access to the device; 7) Phones aren’t allowed in most enterprises secure environments, call centers and other critical areas; 8) Imagine the number of different types of phones within an enterprise, all with potentially different levels of operating systems. What would the help-desk burden be to manage access control issues across so many different versions?
The read-range of a SentryCard is 1-2 centimeters. Again, the SentryCard is a sophisticated piece of electronics that harvests energy from the reader. It takes up to 500 milliseconds (half a second) to process multiple functions within the card itself.
SentryCard is a powered-card solution, utilize both energy-harvesting as well as a lithium-ION battery. SentryCards are designed for approximately 33,000 uses, typically translating to between 3 to 5-years of lifespan, based upon 30-40 uses per business day.
Yes. you can print directly on the SentryCard using a RE-TRANSFER printer but due to the texture on the credential DTC (Direct to card Printers) do not currently work well. We have tested the HID/FARGO 5000 and Canon IX-R7000 printers. The only caveat is that you cannot apply an additional laminate overlay on the sensor side.
No. Due to the amount and sophistication of the electronics within the SentryCard, it is unable to be punched. That said, Sentry provides an acrylic card sheath with both a vertical and horizon tab for a lanyard that provides a convenient way for the user to access the biometric sensor for use.
The end-user will need to complete and submit the HID authorization form directly to HID before we can begin manufacturing.
If you are ordering Elite Key or Corporate 1000 you have a 100 card minimum, the same as you would order today.
The biometric sensor is sonar like 3D picture of your fingerprint, which can somewhat see through certain types of thin materials like a very thin latex glove. It does reduce the effectiveness of the sensor.
Currently, you only need to fill out a form if you are needing Corporate 1000 or HID.
Any access control system that utilizes HID, LEAF, LEGIC, DESIFIRE/MIFARE or FIDO2 credentials. Sentrycard is typically matched with the existing readers.
Your local IT/OT team would have the ability to establish requirements for your own organization
We have a demo package with a variation of number of cards, holders and a reader. Contact your Sentry Enterprises representative to discuss
Yes, unless it has FIDO2, then you can hold it to an NFC reader or app on your phone. We have a Sentry app that you can hold it to your phone and then enroll.
We do all our own manufacturing. We buy the antennas from HID and we have our own product and manufacturing patents.
We have FIDO2 which is the public version of PIV. We are in the process of achieving FIPS-201 certification by mid-2023 and will have a Government certified PIV ID then.
1. DEMO Card:
This card is made for testing and evaluation. This configuration allows individuals to enroll their 2-fingers and lock the card temporarily for testing. Once the individual has completed the testing they can reset the card by placing the card on a reader and using anyone’s non-enrolled finger on the card for approximately 20-30 seconds (10 sets of flashes) Once the sets of flashes goes to individual flashes they can remove the card from the reader and it is now reset for another individual to enroll and test.
2. PRODUCTION Card:
This card enrolls exactly the same as the Demo card but once the enrollment is complete the card is PERMANENTLY locked to that individual. That is what we call ABSOLUTE TRUST and IDENTITY. Whenever this card is used you ABSOLUTELY know who used it.
3. CONTRACTOR/VISITOR Card:
This card enrolls exactly the same as the Demo card and is locked to the individual until the card is placed on a reader and the reset key is applied for 3-5 seconds to the sensor on the card. Once that is complete the card can be re-enrolled/re-used. This ensure the card can only be used by the registered person until the secure SentryKey is used to reset it. Typically these cards have a Visitor or Contractor General information printed on them and not a photo as you would not be able to reprint directly to the card.