Broadcom Bio-Safe Installation Instructions and User guide

Broadcom
Brand
Broadcom
Model
Bio-Safe Installation Instructions and
Type
User guide
Broadcom BIO-SAFE-UG101
March 23, 2020
Bio-Safe™ Hardware Password Manager
Installation Instructions and User Guide
User Guide
Broadcom, the pulse logo, Bio-Safe, CredentialVault, Connecting everything, Avago Technologies, Avago, and the A logo
are among the trademarks of Broadcom and/or its affiliates in the United States, certain other countries, and/or the EU.
Copyright © 2019-2020 Broadcom. All Rights Reserved.
The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries. For more information, please visit www.broadcom.com.
Broadcom reserves the right to make changes without further notice to any products or data herein to improve reliability,
function, or design. Information furnished by Broadcom is believed to be accurate and reliable. However, Broadcom does
not assume any liability arising out of the application or use of this information, nor the application or use of any product or
circuit described herein, neither does it convey any license under its patent rights nor the rights of others.
Bio-Safe User Guide Installation Instructions and User Guide
Broadcom BIO-SAFE-UG101
2
Broadcom BIO-SAFE-UG101
3
Bio-Safe User Guide Installation Instructions and User Guide
Table of Contents
1 Installing Bio-Safe........................................................................................................................................................4
1.1 Installation Requirements ....................................................................................................................................4
1.1.1 ControlVault Installation Requirements .....................................................................................................4
1.1.2 ATKey.Pro Installation Requirements ........................................................................................................5
1.2 Installing the Bio-Safe Software...........................................................................................................................5
1.2.1 Installing the Host Application....................................................................................................................5
1.2.2 Installing the Chrome Browser Extension..................................................................................................5
2 Using Bio-Safe..............................................................................................................................................................6
2.1 Operating Bio-Safe ..............................................................................................................................................6
2.2 Managing Credentials with Bio-Safe..................................................................................................................10
2.3 Editing User Credentials ....................................................................................................................................11
2.4 Deleting User Credentials ..................................................................................................................................12
2.4.1 Deleting Individual User Credentials........................................................................................................12
2.4.2 Deleting All User Credentials ...................................................................................................................12
2.5 Bio-Safe Architecture Flow ................................................................................................................................14
3 Troubleshooting.........................................................................................................................................................15
3.1 Fingerprint Authentication Issues.......................................................................................................................15
3.2 Remote Desktop Session Issues .......................................................................................................................15
3.3 Fingerprint Enrollment Issues ............................................................................................................................15
3.4 Chrome Browser Issues.....................................................................................................................................15
3.5 Chrome Extension Errors...................................................................................................................................16
3.6 Website Specific Issues .....................................................................................................................................16
3.7 Host Application Issues......................................................................................................................................17
4 Support .......................................................................................................................................................................17
Appendix A: Dell CV-SoC Supported Laptops............................................................................... 18
Revision History............................................................................................................................................................ 19
BIO-SAFE-UG101; March 23, 2020..........................................................................................................................19
BIO-SAFE-UG100; November 26, 2019 ...................................................................................................................19
Broadcom BIO-SAFE-UG101
4
Bio-Safe User Guide Installation Instructions and User Guide
1 Installing Bio-Safe
This section provides information on installing the Bio-Safe™ software.
1.1 Installation Requirements
The following items are required before installing the Bio-Safe software:
One of the hardware options listed below:
Dell Laptops with the ControlVault™ security chip and fingerprint sensor.
Authentrend’s ATKey.Pro fingerprint enabled security key (see https://authentrend.com/atkey-pro for the latest
documentation).
Fingerprint enrollment. It is recommended to enroll multiple fingerprints.
Chrome Browser Software (78.0.3904.108 or later version) – Install the Chrome browser if not already installed. The
Bio-Safe browser extension is only compatible with the Chrome web browser.
1.1.1 ControlVault Installation Requirements
ControlVault (CV) security chip and fingerprint sensor – Ensure that the PC being used has a CV and fingerprint sensor
installed. CV is available on select Dell Latitude and Precision laptops and can be found in Microsoft Windows Device
Manager (see Figure 1).
Figure 1: Device Manager
NOTE: See Appendix A, Dell CV-SoC Supported Laptops to review the list of all Dell PCs that are equipped with CV. PCs
must be configured at the time of purchase to include a fingerprint reader
Enroll your fingerprint(s) in Windows Hello as shown in the following URL:
https://support.microsoft.com/en-us/help/899626/how-to-add-change-or-remove-a-fingerprint-logon-by-using-the-
fingerpri
Broadcom BIO-SAFE-UG101
5
Bio-Safe User Guide Installation Instructions and User Guide
1.1.2 ATKey.Pro Installation Requirements
For Authentrend’s ATKey.Pro fingerprint enabled security key – Ensure that the ATKey device is installed using the
Windows application for ATKey.Pro. Update the ATkey.Pro firmware to the latest version (1.0.0.9 or later). Follow the
steps to activate the device and register fingerprints. See the latest documentation located at https://authentrend.com/
atkey-pro/.
1.2 Installing the Bio-Safe Software
The Bio-Safe software consists of two main components:
Host Application
Chrome Browser Extension
1.2.1 Installing the Host Application
The host application is the interface to the security chip. To install the host application:
1. Retrieve the host application installer from the Downloads section located at https://www.broadcom.com/products/
embedded-and-networking-processors/secure/bio-safe.
2. Run the windows host application.installer and follow the onscreen instructions. For installation issues, see
Troubleshooting.
NOTE: If the Bio-Safe browser extension is already installed, it must be disabled before installing the host application.
When an ATKey.pro device is connected to a CV3/CV2 laptop, the ATKey.pro device is selected and the Bio-Safe
host application is installed for it.
1.2.2 Installing the Chrome Browser Extension
To install the Chrome browser extension:
1. Open the Chrome browser.
2. Locate the Bio-Safe extension in the Chrome Web Store. The direct link is https://chrome.google.com/webstore/detail/
bio-safe-hardware-passwor/pacmnngelmmblfojailbljbojklibcli.
3. Select Add to Chrome to install the extension.
4. Optional Step – By default, all the Chrome extensions are disabled in Incognito mode. Enable Bio-Safe to continue to
work in Incognito mode by clicking on the Details icon of the Bio-Safe Chrome extension and enable Allow in incognito
as shown in Figure 2.
NOTE: Bio-Safe stores credentials only after user confirmation and does not track browsing history.
Figure 2: Bio-Safe Incognito Mode
Bio-Safe is ready to use.
Broadcom BIO-SAFE-UG101
6
Bio-Safe User Guide Installation Instructions and User Guide
2 Using Bio-Safe
Usernames and passwords are still commonly used to log on to websites. Passwords can be very difficult to remember,
inconvenient to type in, and most importantly, vulnerable to hacker attacks.
Bio-Safe offers a hardware-based password manager to securely store users' login credentials using fingerprint
authentication. The password managers available in the market today either store the credentials on the host-machine or
on a cloud server, both prone to attacks. Bio-Safe uses the FIPS 140-2 Level 3 certified host-isolated CV SoC for storing
encrypted user credentials.
2.1 Operating Bio-Safe
To operate Bio-Safe:
1. After installing the Bio-Safe browser extension, whenever a user logs into a user account of a web-site (for example,
www.netflix.com) Bio-Safe provides an option to either store the user credentials or to not store them (see Figure 3).
Figure 3: Confirmation for Storing Credentials in Bio-Safe
2. Confirm the Bio-Safe pop-up dialog to store credentials in an encrypted format. From this point on, credentials are
released using fingerprint authentication.
Whenever a page with credentials stored in Bio-Safe is visited, the browser extension asks for the user to authenticate
with a fingerprint to release credentials as shown in Figure 4.
Broadcom BIO-SAFE-UG101
7
Bio-Safe User Guide Installation Instructions and User Guide
Figure 4: Prompt for Fingerprint Authentication
3. With fingerprint authentication, credentials are filled in automatically to the web-page fields. Log on to the website by
clicking Sign on or Login (see Figure 5).
Broadcom BIO-SAFE-UG101
8
Bio-Safe User Guide Installation Instructions and User Guide
Figure 5: Bio-Safe Releases Credentials on Authentication
4. If a website contains a one time password (OTP) or Captcha field, Bio-Safe may not automatically populate the values.
In this case, the values must be entered manually.
Broadcom BIO-SAFE-UG101
9
Bio-Safe User Guide Installation Instructions and User Guide
5. If Bio-Safe does not automatically populate values for a website whose credentials are present in the vault, there is an
option to manually pull the credentials for that site. Click on the Bio-Safe icon and select Pull Credentials for this Site.
After successful fingerprint authentication, the credentials will be populated (see Figure 6).
Figure 6: Pull Credentials for this Site
Broadcom BIO-SAFE-UG101
10
Bio-Safe User Guide Installation Instructions and User Guide
2.2 Managing Credentials with Bio-Safe
Bio-Safe offers a credential management interface and it can be loaded by clicking on Open the Bio-Safe Vault in the pop-
up window as shown in Figure 7.
Figure 7: Loading the Bio-Safe Credential Management Interface
The Bio-Safe Credential Viewer supports View, Edit, and Delete operations. Fingerprint authentication is required to
perform these operations (see Figure 8).
Figure 8: Bio-Safe Credential Viewer
Broadcom BIO-SAFE-UG101
11
Bio-Safe User Guide Installation Instructions and User Guide
2.3 Editing User Credentials
Whenever a user changes the user credentials on a website, the user must manually update the credentials in Bio-Safe. Edit
operations require authenticating with fingerprint twice: Once for viewing the credentials and a second time for updating
credentials (see Figure 9).
Figure 9: Credential Edit Screen
After clicking Save to store credentials, reauthenticate with a fingerprint to successfully complete the edit operation (see
Figure 10).
Figure 10: Completing the Credential Edit Operation
Broadcom BIO-SAFE-UG101
12
Bio-Safe User Guide Installation Instructions and User Guide
2.4 Deleting User Credentials
2.4.1 Deleting Individual User Credentials
The Delete command is provided to permanently delete individual user credentials from the Bio-Safe vault. Click the Delete
button located to the right of the Website URL to delete that individual user credential. Authenticate with a fingerprint to
perform this operation (see Figure 11).
Figure 11: Bio-Safe Credential Delete Operation
2.4.2 Deleting All User Credentials
The Wipeout command is provided to permanently delete all user credentials. The wipeout command can be invoked from
the Bio-Safe Credential Viewer as shown in Figure 12.
Figure 12: Wipeout Button
Since this operation deletes all the credentials at once, an extra caution confirmation is required. Type yes in the dialog box
and then click Confirm. Fingerprint authentication is required as shown in Figure 13.
Delete
Broadcom BIO-SAFE-UG101
13
Bio-Safe User Guide Installation Instructions and User Guide
Figure 13: Confirmation Dialog for Wiping Credentials
Upon successful authentication, the user credentials are permanently removed from the hardware. Use the Wipeout feature
to permanently delete credentials from the hardware. Removing the Chrome extension does not delete the credentials from
the CV chip. Although user fingerprint authentication is required to release the credentials, it is a good practice to wipeout
credentials if the device will not be used in the future.
Broadcom BIO-SAFE-UG101
14
Bio-Safe User Guide Installation Instructions and User Guide
2.5 Bio-Safe Architecture Flow
The Bio-Safe architecture flow is as follows (see Figure 14):
1. Whenever a user visits a web-site, the Bio-Safe browser extension checks whether the credentials are available.
a. If available, the user is prompted for fingerprint authentication to release credentials.
b. If not available, the user is given the option to store credentials. The credentials are stored only if the user clicks
Confirm.
2. When the user touches the fingerprint sensor, the hardware executes the fingerprint match operation. If successful, the
credentials are released to the browser extension.
3. The browser extension parses the object data and populates the credentials in appropriate fields to enable the user to
log on to the web site.
Figure 14: Bio-Safe Credential Management Flow
Security Chip - Tamper-Resistant HW
Host Chrome Browser
Release User
Credentials
Web -Server
Secure Storage for User Credentials
ww w.ab cba nk.com
www.singlesign.com
ww w.secu recon ne ct.go v
...
Admin Ke y
Man age m ent
Matcher/
Classi fie r
Authent ica te
Image
Proc es sing
Feature
Ex tr act ion
1
2
3
S
ecurity
C
hip
-
T
amper
-
Re
si
st
an
HW
H
ost
C
hr
o
m
e
Br
o
w
ser
R
e
l
ease
U
ser
Cr
ede
n
t
i
a
l
s
Web
-
S
erve
r
S
ecure
S
tora
g
e
f
or U se r
C
redentials
www
.
abcbank
.
co
m
www
.
sin
g
le si
g
n
.
com
ww
w
.
secu
r
eco
nn
ec
t
.
go v
...
A
dmin Ke
y
M
an age men
t
Matcher
/
r
r
C
lassi
f
ier
A
u the nt i
cate
Ima
g
e
Proc es sing
F
ea tu
r
e
Ex tr act ion
1
2
3
Internet
www.abcbank.com
Username
use r12 3
Password
***** *********
www.abcbank.com
1. Web-browser extension requests user for
fingerprint authentication.
2. CV Validates users fingerprint
authentication.
3. Releases user credentials (
username and
password) to the browser, user logs into-
web-site.
BCM5810X/20X Security Chip is available
as part of Dell Lattitude, Precision PCs, and
AuthenTrends ATKey.Pro USB Key.
BCM5810X/
20X
Broadcom BIO-SAFE-UG101
15
Bio-Safe User Guide Installation Instructions and User Guide
3 Troubleshooting
This section provides troubleshooting information for the Bio-Safe software.
3.1 Fingerprint Authentication Issues
Ensure fingerprint authentication is operating with Windows Hello. If unable to log on to Windows using fingerprint, restart
the PC and ensure that logging into the PC using fingerprint authentication is operating. If the user tries to use the Bio-Safe
Chrome extension without fingerprint enrollment, a notification message is displayed alerting the user that fingerprint
enrollment is required.
In rare instances, fingerprint authentication may not work with Windows Hello even after restarting the PC. At this point, re-
enroll fingerprints.
If there are fingerprint problems when using the ATKey.Pro device, see the documentation at https://authentrend.com/atkey-
pro/.
NOTE: Bio-Safe is not able to release credentials with the newly enrolled fingers and it currently only operates with
fingerprint enrollments available at the time of credential storage.
3.2 Remote Desktop Session Issues
Remote desktop sessions are not supported. It is not possible to use fingerprint authentication while logged in remotely.
3.3 Fingerprint Enrollment Issues
Only the fingerprints enrolled at the time of credential storage can be used to release credentials. Any newly enrolled
fingerprint can only be used for releasing Bio-Safe credentials that are stored after the fingerprint enrollment.
Bio-Safe should be installed after fingerprint enrollment to avoid problems. If Bio-Safe is installed before fingerprint
enrollment, perform one or both of the following steps:
a. Close and reopen the Chrome web browser.
b. Reload the Bio-Safe browser extension.
3.4 Chrome Browser Issues
Ensure that the Chrome browser:
Is active when the fingerprint authentication is in progress. Extra attention should be paid when there are multiple
monitor screens.
Broadcom BIO-SAFE-UG101
16
Bio-Safe User Guide Installation Instructions and User Guide
3.5 Chrome Extension Errors
Reload the Bio-Safe Chrome extension on the page chrome://extensions and look for any errors associated with the
Chrome extension. Attempt to clear errors and reload the Chrome extension to resolve the issue.
Figure 15: Chrome Extension Page
If none of the previous troubleshooting steps are helpful, remove the Bio-Safe Chrome extension from browser. Removing
the Chrome extension makes the CV credentials inaccessible.
3.6 Website Specific Issues
This section contains information on website specific issues.
Issues with sites where the login process spans two pages, one for the username and one for the password.
For initial storage of credentials Bio-Safe only sees one credential at a time and provides a confirmation to store
credentials, but does not have access to both credentials. In this case, a placeholder record is created for the
missing credential and the entry must be manually updated in the Bio-Safe viewer using the edit capability.
When the site is present in Bio-Safe, the user may not get prompted to load credentials for both the username and
password pages. In this case, use the Pull Credentials for this Site option in the Bio-Safe menu.
There is no pop-up to load credentials for a site that exists in Bio-Safe.
Reloading the Bio-Safe only prompts to store credentials once per page load. This avoids other issues related to
pages with captcha requirements.
In some cases the URL for sign-up or account creation is different from the login URL. It is recommended that
credential storage be done on the login site after account creation and not at the time of sign-up.
Broadcom BIO-SAFE-UG101
17
Bio-Safe User Guide Installation Instructions and User Guide
3.7 Host Application Issues
Ensure that the host application version and Chrome extension version requirements are met. For example, a Chrome
extension version of 1.1.5 requires a host application version of 1.1.5.*.
To view the host application version:
1. Go to File Explorer.
2. Right click on c:\windows\system32\BioSafe_HostApp.exe.
3. Click Properties.
4. Click the Details tab and look at the Product Version field.
4 Support
Provide feedback and report issues by emailing: [email protected].
Broadcom BIO-SAFE-UG101
18
Bio-Safe User Guide Installation Instructions and User Guide
Appendix A: Dell CV-SoC Supported Laptops
Table 1 provides a list of supported Dell CV-SoC supported laptops.
Table 1: Dell CV-SoC Supported Laptops
X7 X7.5 X8 X9 X10 X11
Latitude E7270 Rugged Extreme 14
7404
Latitude 7280/7380 Latitude 7390 2-in-1 Latitude 7300 Latitude 7310/7410
Latitude E7470 Rugged Extreme 12
7204
Latitude 7480 Latitude 7290/7390 Latitude 7400 Precision 7550/7750
Precision 7510 Rugged 14 - 5404 Latitude 5280/5288 Latitude 7490 Latitude 5300 Latitude 5310
Precision 7710 Rugged Extreme 14
7404
Latitude 5480/5488 Latitude 5290 Latitude 5400 Latitude 5410
Latitude E5270 Latitude 5580 Latitude 5490/5491 Latitude 5500 Latitude 5510
Latitude E5470 Precision 3520 Latitude 5590/5591 Precision 3540 Precision 3510
Latitude E5570 Latitude 5289/7389
Precision 3530
Latitude 5401 Latitude 5411
Precision 3510 Precision M7520
Precision
7530
Latitude 5501 Latitude 5511
Latitude 7370 Precision M7720
Precision
7730
Precision 3541 Precision 3511
Latitude 11 5179 Latitude 5285 Latitude 5495 Latitude 5300 2-in-1 Latitude 5310 2-in-1
Latitude 12 Rugged Latitude 7212 Latitude 5290 2-in-1 Latitude 7200 2-in-1
Detachable
Latitude 7210 2-in-1
Detachable
Precision 5820/78/
20/7920 Tower
Wyse 5070 Thin
Client/Wyse 5070
Extended Thin Client
Latitude 7400 2-in-1 Latitude 9410
DPWC600 CAC PIV
module
Latitude 5420
Rugged/Latitude 5424
Rugged/Latitude 7424
Extreme
Precision 7540 Latitude 7000 Clamshell
2-in-1
E9 Precision 7740 Latitude 7310/7410
Latitude 7220 Rugged
Extreme
Wyse 5470
Broadcom BIO-SAFE-UG101
19
Bio-Safe User Guide Installation Instructions and User Guide
Revision History
BIO-SAFE-UG101; March 23, 2020
Updated:
Installation Requirements
Operating Bio-Safe
Deleting All User Credentials
BIO-SAFE-UG100; November 26, 2019
Initial Release.
  • Page 1 1
  • Page 2 2
  • Page 3 3
  • Page 4 4
  • Page 5 5
  • Page 6 6
  • Page 7 7
  • Page 8 8
  • Page 9 9
  • Page 10 10
  • Page 11 11
  • Page 12 12
  • Page 13 13
  • Page 14 14
  • Page 15 15
  • Page 16 16
  • Page 17 17
  • Page 18 18
  • Page 19 19
  • Page 20 20

Broadcom Bio-Safe Installation Instructions and User guide

Broadcom
Brand
Broadcom
Model
Bio-Safe Installation Instructions and
Type
User guide
Download PDF
report

Ask a question and I''ll find the answer in the document

Finding information in a document is now easier with AI

Related papers

Other documents