When you first see it, the Feitian Fingerprint Card looks like it’s the luxury version of AuthenTrend ATKey.Card. Looks can be deceiving. When working with customers in the past on FIDO2 implementations and testing with Azure AD, many that were familiar with smart cards wanted a security key like this – something that can go on a lanyard, be potentially integrated with a corporate ID, and supports NFC.
The card itself packs a lot of technology into a body the same dimensions as a credit card, having Bluetooth, NFC, status LEDs and a fingerprint reader. Being that it is a Java Card Operating System (JCOS) device there likely is a mix of technologies you could implement on the card beyond it just being a security key. On the other side of the demo unit, there is an example print of an ID badge, showing organizations that this has a lot of potential flexibility. Physically the card feels exactly as one would expect and it has the same flexibility and feel as your typical plastic credit card. The LED lights provide status relative to operation and success (green), Bluetooth (blue) and any errors (red). Note that the card itself has no battery within it and requires using a USB holder for providing power for Bluetooth support.
Available Features And Management
Feitian does not indicate if there is any further out of the box support beyond FIDO2 on their datasheet, but as noted they design this to be flexible as far as card programming goes, even though that certainly ramps up the potential cost and complexity beyond FIDO2.
Testing the card purely as a security key, the enrollment of a fingerprint on the card is complex. Native in Windows, the card never was recognized as having a fingerprint reader, so when going into the security key options, there is nothing available for fingerprint management. This leaves us with Bluetooth, the power adapter, and the mobile app for enrollment. Note that Feitian has three similar looking apps in the Apple App Store for managing fingerprints, but only one works with this card, which is here, Fingerprint Card Manager on the App Store (apple.com). You can enroll up to eight fingerprints on the card per Feitian, but I did not test more than one.
FIPS 140 Availability
Feitian does not produce a FIPS 140 variant of this card.
Enrollment And Usage
The key enrolled in Azure AD without any issue on the Azure AD side, however, it was a bit finicky on the NFC reader, and even though it would power up, at certain angles it would seem to not be recognized and Windows would throw an error. Note that I was not using a Feitian NFC reader, but the reader has had no issues with other NFC security keys.
The key worked consistently after enrollment without issue prior to enrolling a fingerprint.
After fingerprint enrollment, again, the key would be fussy as to how it was placed on the NFC reader, and even though it would have power the entire time, Windows would time out the authentication. The key had to stay motionless on the NFC reader while you are performing biometric authentication with your finger.
Interestingly you can Bluetooth pair the key to your Windows device, but it can’t be used as a Bluetooth security key. I’m not sure it really matters considering at that point you’ve plugged it into a USB port anyway. And speaking of USB, the power adapter is just that – using the adapter as a means of USB for authentication is not an option.
The key was factory reset without issue.