Your Fingerprint Never Leaves the Card.
A plain-language explanation of how VerifiedKnock handles biometric data — designed for law enforcement leadership, union representatives, and legal counsel.
The Direct Answer
VerifiedKnock does not transmit, store, or have access to any officer's fingerprint — ever. The fingerprint is processed entirely within the physical card's secure chip. What leaves the card is a cryptographic signature computed from the card's private key and a challenge, not from the fingerprint, so it cannot be reversed into biometric data.
What Actually Happens at the Door
Step by step, from finger to verified — with no biometric data ever leaving the card.
Officer Touches the Card
The officer places their finger on the fingerprint sensor built into the ATKey.Card. The sensor reads the fingerprint and the card's internal processor compares it to the enrolled template stored in the card's secure element — a tamper-proof hardware chip that cannot be read externally, even by the manufacturer.
Card Produces a Cryptographic Signature
If the fingerprint matches, the card uses its private key — stored permanently in the secure element and never extractable — to sign a challenge. This produces a cryptographic assertion: a string of characters that proves the card holder is who they claim to be. This is the FIDO2 standard, the same technology used by the US Department of Defense and major financial institutions.
Signature Is Transmitted to the App
The officer's phone receives the cryptographic signature via NFC. The app sends this signature to the VerifiedKnock system, which verifies it against the officer's registered public key. The public key is mathematically paired with the private key on the card, but cannot be used to recover the private key or any biometric data.
Homeowner Is Notified: Verified
Once the signature is verified, the homeowner's app receives a notification showing only: the agency name, visit reason, reference number, and verification status. No officer name, badge number, photo, or any biometric data is ever shown to the homeowner. The officer's identity is protected throughout.
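The signing and verification steps above, as an added example (not VerifiedKnock's or the card vendor's code): a simplified Node.js model of a FIDO2 assertion, in which the card signs the authenticator data plus a hash of the client data and the server checks it with only the registered public key. The relying-party ID, origin, function names, and keys are constructed assumptions; the point is that the server's only view of the fingerprint match is one signed flag bit.

```javascript
// Added example: simplified FIDO2 assertion check. All names and values are constructed.
const crypto = require('crypto');

const RP_ID = 'rp.example';           // hypothetical relying-party ID
const ORIGIN = 'https://rp.example';  // hypothetical origin
const sha256 = (b) => crypto.createHash('sha256').update(b).digest();

// Stand-in for the card: the private key is reachable only through sign().
function makeCard() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const sign = (challenge, userVerified) => {
    // Flags byte: 0x01 = user present, 0x04 = user verified (result of the on-card match).
    const flags = Buffer.from([userVerified ? 0x05 : 0x01]);
    const authData = Buffer.concat([sha256(RP_ID), flags, Buffer.alloc(4)]); // signCount = 0
    const clientDataJSON = Buffer.from(JSON.stringify({
      type: 'webauthn.get', challenge: challenge.toString('base64url'), origin: ORIGIN }));
    const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
    return { authData, clientDataJSON, signature: crypto.sign('sha256', signed, privateKey) };
  };
  return { publicKey, sign };
}

// Server side: needs only the registered public key and the challenge it issued.
function verifyAssertion(publicKey, expectedChallenge, { authData, clientDataJSON, signature }) {
  const client = JSON.parse(clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get' || client.origin !== ORIGIN) return 'bad-client-data';
  const got = Buffer.from(String(client.challenge || ''), 'base64url');
  if (got.length !== expectedChallenge.length ||
      !crypto.timingSafeEqual(got, expectedChallenge)) return 'stale-or-wrong-challenge';
  if (!authData.subarray(0, 32).equals(sha256(RP_ID))) return 'wrong-rp';
  // The UV bit is the only biometric-related signal the server ever receives.
  if ((authData[32] & 0x04) === 0) return 'user-not-verified';
  const signed = Buffer.concat([authData, sha256(clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, signature) ? 'verified' : 'bad-signature';
}
```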
What VerifiedKnock Stores
A complete, transparent breakdown of our data architecture.
What We Store
- Officer's public key (cryptographic, not biometric)
- Agency name and organization credentials
- Visit records: timestamp, reason, reference number
- Verification status (pass/fail)
- Device registration identifiers
What We Never Store
- Fingerprints or any biometric templates
- Officer names, badge numbers, or photos
- Private cryptographic keys (stay on-card only)
- Location data or GPS coordinates
- Any data that could identify an officer to a resident
Legal & Compliance Framework
Why our architecture was designed this way — and the legal protections it provides.
BIPA — Illinois Biometric Information Privacy Act
BIPA imposes fines of $1,000–$5,000 per violation for unauthorized collection or storage of biometric data. VerifiedKnock's match-on-card architecture means we never collect or store biometric data — making BIPA liability structurally impossible, not just contractually avoided.
FIDO2 / WebAuthn Standard
The ATKey.Card is certified by the FIDO Alliance — the same international standards body whose specifications are used by the US Department of Defense, major banks, and government agencies worldwide. FIDO2 was specifically designed so that biometric data never leaves the authenticator device. This is not a VerifiedKnock policy — it is a requirement of the standard itself.
Police Union Protections
VerifiedKnock's system is designed to protect officer identity from public exposure. Homeowners receive only the agency name, visit reason, and verification status — never the officer's name, badge number, photo, or any identifying information. This design directly addresses concerns raised by police unions regarding officer safety and privacy.
Have More Questions?
We welcome scrutiny from law enforcement leadership, union representatives, and legal counsel. Our technical team is available to walk through the architecture in detail.
