A real identity biometric authentication device includes a USB thumb drive form factor, with a biometric sensor, a designated device processor, and stored instructions in firmware which perform authentication in a secure manner, independent of processing and storage resources on a host platform. The device and authentication process require biometric data and are secured against effects of malware or other security risks presented by applications running on the host platform. During an enrollment process, a unique encrypted enrollment biometric token is created using biometric data and uploaded securely to an authentication server. During an authentication process, the encrypted enrollment biometric token is downloaded to the real identity authentication device firmware and is decrypted on the device. The biometric data obtained from the decrypted data is compared with live, real-time biometric data obtained from the user, for example, by a real-time fingerprint scan. If the real-time biometric data and the enrolled, decrypted biometric data match, the user is authenticated.
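
The enrollment and authentication flow described above, as an added sketch that is not code from the patent or from any product: the server stores only the opaque token, and decryption and matching happen inside the device object. Assumptions not stated in the text: the device-held keys, the integrity tag, the HMAC-based toy cipher (a stand-in for a real authenticated cipher), the Hamming-distance matcher with its threshold, and all names.

```python
import hashlib, hmac, os

def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode); stand-in for a real AEAD.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class Device:
    """Hypothetical device firmware: keys and plaintext templates stay inside."""
    def __init__(self):
        self._enc_key, self._mac_key = os.urandom(32), os.urandom(32)

    def enroll(self, template: bytes) -> bytes:
        nonce = os.urandom(16)
        ct = _xor(template, _keystream(self._enc_key, nonce, len(template)))
        tag = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        return nonce + ct + tag              # the encrypted enrollment token

    def authenticate(self, token: bytes, live: bytes, max_diff_bits: int = 8) -> bool:
        if len(token) < 48:                  # too short to hold nonce + tag
            return False
        nonce, ct, tag = token[:16], token[16:-32], token[-32:]
        good = hmac.new(self._mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, good):   # token altered off-device
            return False
        enrolled = _xor(ct, _keystream(self._enc_key, nonce, len(ct)))
        if len(enrolled) != len(live):
            return False
        # Assumed matcher: Hamming distance between feature bit strings.
        diff = sum(bin(x ^ y).count("1") for x, y in zip(enrolled, live))
        return diff <= max_diff_bits

# Constructed sample data: 32-byte "feature vectors", not real biometric templates.
ENROLLED = bytes(range(32))
SAME_FINGER = _xor(ENROLLED, b"\x01" + bytes(4) + b"\x10" + bytes(3) + b"\x80" + bytes(22))
OTHER_FINGER = bytes(b ^ 0xFF for b in ENROLLED)

def run_demo() -> dict:
    device, server = Device(), {}            # server is just an opaque blob store
    server["alice"] = device.enroll(ENROLLED)
    token = server["alice"]                  # downloaded for authentication
    tampered = token[:20] + bytes([token[20] ^ 1]) + token[21:]
    return {"match": device.authenticate(token, SAME_FINGER),
            "impostor": device.authenticate(token, OTHER_FINGER),
            "tampered": device.authenticate(tampered, SAME_FINGER),
            "plaintext_on_server": ENROLLED in token}
```
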