Kensington VeriMark Guard USB-C Fingerprint Key - certification

[Vojtěch Zavřel]

Dear community,

I have troubles with Kensington VeriMark Guard USB-C Fingerprint Key and it's certification.

According to https://fidoalliance.org/certification/fido-certified-products/ the key has L1 certification for FIDO2 and U2F.

Kensington (the manufacturer) declares the key is FIDO certified:
The device is FIDO2 and FIDO U2F certified with expanded authentication options, including strong single-factor (passwordless), dual, multi-factor, and Tap-and-Go* https://www.kensington.com/software/verimark-setup/verimark-guard-setup-guide/

But it's listed as NOT_FIDO_CERTIFIED in FIDO aliance metadata https://mds.fidoalliance.org/ - checked via FIDO MDS Explorer https://opotonniee.github.io/fido-mds-explorer/#view

Where is the truth? And if the device is L1 certified, what can I do to list it in the MDS data?

Thanks for the answer

Votech

[rlind...@noknok.com]

mds.fidoalliance .org relates to a deprecated version of the FIDO MDS.

See https://fidoalliance.org/metadata/ for more explanations.

The current version is active at: https://mds3.fidoalliance.org/

--
You received this message because you are subscribed to the Google Groups "FIDO Dev (fido-dev)" group.
To unsubscribe from this group and stop receiving emails from it, send an email to fido-dev+u...@fidoalliance.org.
To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/bf598ffa-fc37-45a4-915e-9fbb1db26cb6n%40fidoalliance.org.

[Vojtěch Zavřel]

Hi,

thanks for the answer. I checked the blob content with the FIDO MDS Browser https://github.com/opotonniee/fido-mds-explorer that uses FIDO Metadata Service v3.

If I look directly to the blob, there is only one Verimark device with description "VeriMark Guard Fingerprint Key" while on the FIDO aliance web is multiple of them with different names and certification levels. Look for Kensington Computer Products Group in Company attribute on the https://fidoalliance.org/certification/fido-certified-products/ site.

{
      "aaguid": "d94a29d9-52dd-4247-9c2d-8b818b610389",
      "metadataStatement": {
        "legalHeader": "Submission of this statement and retrieval and use of this statement indicates acceptance of the appropriate agreement located at https://fidoalliance.org/metadata/metadata-legal-terms/.",
        "aaguid": "d94a29d9-52dd-4247-9c2d-8b818b610389",
        "description": "VeriMark Guard Fingerprint Key",
        "authenticatorVersion": 1,
        "protocolFamily": "fido2",
        "schema": 3,
        "upv": [
          {
            "major": 1,
            "minor": 0
          }
        ],
        "authenticationAlgorithms": [
          "secp256r1_ecdsa_sha256_raw"
        ],
        "publicKeyAlgAndEncodings": [
          "cose"
        ],
        "attestationTypes": [
          "basic_full"
        ],
        "userVerificationDetails": [
          [
            {
              "userVerificationMethod": "none"
            },
            {
              "userVerificationMethod": "presence_internal"
            },
            {
              "userVerificationMethod": "fingerprint_internal"
            },
            {
              "userVerificationMethod": "passcode_internal"
            }
          ]
        ],
...
       
      },
      "statusReports": [
        {
          "status": "NOT_FIDO_CERTIFIED",
          "effectiveDate": "2021-02-26"
        }
      ],
      "timeOfLastStatusChange": "2021-02-26"
    },

 

Dne pátek 28. dubna 2023 v 11:13:43 UTC+2 uživatel rlind...@noknok.com napsal:

[Vojtěch Zavřel]

sorry I have forgotten the attachement

Dne pátek 28. dubna 2023 v 11:51:12 UTC+2 uživatel Vojtěch Zavřel napsal:

[Vojtěch Zavřel]

Hi there,

is it O.K. that the vendor advertise the device as FIDO certified (using the FIDO alliance graphics) even the vendor is not a member of the FIDO alliance? The vendor argues that:

"The chipset use on VeriMark are Synaptics 7600. We leverage their whole firmware stack for the FIDO certification. Thus, we can claim it."

But I don't think so.

Thanks for the answer.

Dne pátek 28. dubna 2023 v 11:53:15 UTC+2 uživatel Vojtěch Zavřel napsal:

[Vojtěch Zavřel]

The image has not been attached.

Dne pondělí 12. června 2023 v 12:34:41 UTC+2 uživatel Vojtěch Zavřel napsal:

[DUBOUCHER Thomas]

Hi,

 

Device certification is not tied to being a member of the FIDO Alliance.

 

Best regards,

 

--

Thomas Duboucher

 

From: 'Vojtěch Zavřel' via FIDO Dev (fido-dev) <fido...@fidoalliance.org>
Sent: lundi 12 juin 2023 12:37
To: FIDO Dev (fido-dev) <fido...@fidoalliance.org>
Cc: Vojtěch Zavřel <vo...@vojtechzavrel.cz>; rlind...@noknok.com <rlind...@noknok.com>
Subject: Re: [FIDO-DEV] Kensington VeriMark Guard USB-C Fingerprint Key - certification

 

The image has not been attached.

 

Dne pondělí 12. června 2023 v 12:34:41 UTC+2 uživatel Vojtěch Zavřel napsal:

Hi there,

is it O.K. that the vendor advertise the device as FIDO certified (using the FIDO alliance graphics) even the vendor is not a member of the FIDO alliance? The vendor argues that:

 

"The chipset use on VeriMark are Synaptics 7600. We leverage their whole firmware stack for the FIDO certification. Thus, we can claim it."

 

But I don't think so.

 

Thanks for the answer.

 

To view this discussion on the web visit https://groups.google.com/a/fidoalliance.org/d/msgid/fido-dev/6417c6a1-00e4-41d7-9c7d-87f33ca71d48n%40fidoalliance.org.