Episode 027: 02‐07‐2024 Holy Grail: A Physical and Logical Access Card - GluuFederation/identerati-office-hours GitHub Wiki
Title: Holy Grail: A Physical and Logical Access Card
- Host: Mike Schwartz, Founder/CEO Gluu
- Guest: Mike Baker, Dir. of Channel Sales Sentry
- Guest: Darren Wieder, VP Sales Sentry
Description
There are a bunch of FIDO keys in the card form factor, but most of them don't have an HID antenna to open door locks. Combining biometric and physical access is a game changer for physical access control--no more card sharing. And as a device-bound credential with hardware-enforced one-time enrollment (no adding fingerprints later!), it is one of the highest assurance digital credentials yet conceived. So is Sentry's new card the Holy Grail of enterprise authenticators?
Homework
Takeaways
- Sentry is making some of the most innovative identity cards I've seen. They have combined an advanced fingerprint reader, a FIDO NFC interface, and an RFID antenna in a tiny battery-less hardware footprint and a normal credit card width. It can use the power from the reader to light up OLEDs on the card. And at around $25 MSRP, it's competitively priced.
- Hardware-enforced one-time enrollment prevents card sharing. Any device with resettable firmware or re-enrollment is OK for self-asserted identity. But for organizational identity, it is helpful to know that the card can't be enrolled after issuance.
- The NFC passkey interface is probably better for mobile applications than browsers right now--the passkey experience on the browser is not optimized for physical hardware keys. But for high assurance use cases, combining a physical access token with a device would mitigate the risk of fraud. For example, presenting an NFC passkey could make sense for access to a digital wallet.
- "Light" fingerprints are not a problem for this card, because the fingerprint sensor uses a three-dimensional scan, so it's not really even looking at the finger "print". It might be more accurate to say "finger-reader".