Add Support for Secure and Small Sensors

DigitalPersona supports most WBF (Windows Biometric Framework) readers. It does so by using the WBF driver to get an image, and then using the DigitalPersona Fingerprint Engine to create a fingerprint template for matching, and finally storing the fingerprint template in the centralized DigitalPersona database.

The fingerprint can then be used from any DigitalPersona workstation, from DigitalPersona web services, and from the DigitalPersona Identity Provider (STS).

However, there are some fingerprint readers where the DigitalPersona Fingerprint Engine cannot be used.

For the types of fingerprint readers and sensors described below, the administrator should choose to store biometric data locally rather than remotely during the installation of DigitalPersona Workstation.

Secure Fingerprint Readers

For ‘secure’ fingerprint readers, defined as those which do not allow an image to leave the reader hardware, the actual template creation, matching and storage must be done by the reader hardware instead of the DigitalPersona Fingerprint Engine.

Consequently, the template cannot be stored in the DigitalPersona database, and the fingerprint credential does not roam (that is, it is not automatically available for authentication to other computers in the domain). This also means that fingerprints:

  • Can only be used on the computer where the fingerprints were originally enrolled.

  • Cannot be used for web services or Office 365 integration through the Access Management API.

  • Are not available within the DigitalPersona SSO for Office 365 product (because STS uses the DigitalPersona web services).

If during installation, the default choice to store biometric data remotely was selected, this behavior can be changed manually on the machine using the secure reader in order to allow full use of the WBF driver.

Other DigitalPersona credentials will still roam and be stored on the DigitalPersona Server. However, a user wishing to have their fingerprint credential available on another computer will have to re-enroll the credential on the other machine (one that does not have this setting disabled).

Small Form Factor Sensors

Certain small form factor sensors, such as those built into some mobile devices, tablets, laptops and accessories (for example, the Surface Pro 4 Type Cover with Fingerprint ID or the Lenovo T460), also cannot use the DigitalPersona Fingerprint Engine for template creation or matching, so their fingerprint data must be stored locally.

Override the CredentialsRoaming Policy

Complete the following steps to override the default CredentialsRoaming policy setting (which actually only affects roaming of fingerprints) in order to support the use of Microsoft’s WBF driver for fingerprint matching and storage on the computer.

Note: Any fingerprints enrolled on the computer can then only be used for authentication on the computer where they were originally enrolled and do not roam.

Prerequisites: Back up your registry!

  1. Create a new registry entry (DWORD (32-bit) Value) in the following location:

    Computer\HKEY_LOCAL_MACHINE\SOFTWARE\DigitalPersona\Policies

  2. Set the value to 0.

  3. Close the Registry Editor.

  4. Reboot the computer twice.

    Once will not be adequate.
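
The steps above as a PowerShell script, for administrators who need to apply the override on several machines. This is an added example, not DigitalPersona's own tooling. Step 1 does not state the name of the registry entry, so the script takes it as a mandatory parameter; the backup folder is a hypothetical location, and the backup covers only the Policies key rather than the whole registry.

```powershell
#Requires -RunAsAdministrator
# Added example, not DigitalPersona's own tooling.
param(
    # Name of the DWORD entry from step 1. The page does not state it, so the
    # administrator must supply it; no default is assumed here.
    [Parameter(Mandatory)] [string] $ValueName,
    # Hypothetical backup folder.
    [string] $BackupDir = "$env:SystemDrive\RegBackup"
)

$KeyPath = 'HKLM:\SOFTWARE\DigitalPersona\Policies'   # location from step 1
$RegKey  = 'HKLM\SOFTWARE\DigitalPersona\Policies'    # same key, reg.exe syntax

# Prerequisite: back up the key before changing it (narrower than a full
# registry backup; enough to roll back this one change).
$backup = $null
if (Test-Path $KeyPath) {
    New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $BackupDir "DigitalPersona-Policies-$stamp.reg"
    & reg.exe export $RegKey $backup /y | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; no changes were made.' }
} else {
    # Key does not exist yet, so there is nothing to back up.
    New-Item -Path $KeyPath -Force | Out-Null
}

# Steps 1 and 2: create the DWORD (32-bit) value and set it to 0.
New-ItemProperty -Path $KeyPath -Name $ValueName `
    -PropertyType DWord -Value 0 -Force | Out-Null

# Read the value back so a failed write is caught before the reboots.
$current = (Get-ItemProperty -Path $KeyPath -Name $ValueName).$ValueName
if ($current -ne 0) { throw "Expected 0 for $ValueName, found $current." }

Write-Output "Set $ValueName = 0 under $KeyPath."
if ($backup) { Write-Output "Backup of the previous key contents: $backup" }
Write-Output 'Step 4 still applies: reboot the computer twice.'
```

To roll back, import the saved `.reg` file with `reg.exe import` and reboot.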