Enterprise

Q: What is Amazon One Enterprise?

Amazon One Enterprise is a secure, palm-based identity service for enterprise access control. It improves the overall security of an organization by helping prevent costly security breaches. The new service delivers a fast, convenient, and contactless experience for employees and other authorized users to gain access to buildings and secure areas. It can also be used to access physical equipment like lockers, printers, and restricted equipment and software resources like applications, digital assets, or multi-factor authentication. Using Amazon One Enterprise, organizations can spend less time monitoring access, remove the need for manual security checks, and streamline operations using cloud-based management while simplifying the employee experience. To learn more, see Amazon One Enterprise

Q: How does Amazon One Enterprise work?

The Amazon One Enterprise offering includes the Amazon One device and a software authentication service, which runs on AWS. Customers must deploy Amazon One devices at their sites. After installation and activation, enterprise users can enroll by scanning their badge over a badge reader and hovering their palm over an Amazon One device to associate their palm with badge information. After enrolling, users can simply hover their palm over an Amazon One device for authentication. Amazon One device cameras capture surface-area details like lines and ridges, as well as subcutaneous features like vein patterns, and use multiple characteristics of a palm to identify each person.

Q: How can I get started with Amazon One Enterprise?

Contact us to learn more about Amazon One Enterprise. A team member will get in touch to share more details about our offering, including pricing, instructions for device ordering, setup, and service activation. After activation, you can use the AWS Management Console to monitor the status of devices, manage software updates, track enrolled users, and view monthly bills.

Q: Why does Amazon One Enterprise use palm modality for authentication?

Amazon One Enterprise combines palm and vein imagery for biometric matching and delivers an accuracy rate of 99.9999%, which exceeds the accuracy of most biometric alternatives—even more accurate than scanning two irises. Also, since Amazon One devices operate beyond the normal light spectrum and cannot accurately perceive sex or skin tone, Amazon One Enterprise does not detect gender or race, protecting enterprise users’ privacy.

Q: How does Amazon One Enterprise protect user data in the cloud?

Palm data and badge ID information are never stored on the device. They are immediately encrypted and sent to a highly secure zone in the AWS Cloud custom-built for Amazon One Enterprise where a unique collection of palm signatures is created for each enterprise customer, thereby providing strong data isolation and increased security for each organization.

Q: In which countries is Amazon One Enterprise offered?

Amazon One Enterprise is currently available in the US.

Q: What installation or mounting options are available for Amazon One Enterprise?

We offer two options. (1) Standalone device: This will give you the flexibility to install the device as per your needs. (2) Pedestal: In this configuration, the Amazon One device is mounted on a pedestal.

Q: What is the difference between Amazon One and Amazon One Enterprise?

Amazon One is an identity service that allows consumers to enter, identify, and pay using only their palm at participating locations such as gyms, restaurants, retail shops, event venues, and sports stadiums. After a one-time sign-up, consumers can use their palm wherever Amazon One is available. With Amazon One Enterprise, we have developed an enterprise-focused service that helps businesses offer the secure, convenient service to their employees and other authorized users. Users must enroll in Amazon One Enterprise with their palm and badge. Once enrolled, enterprise users can hover their palm for enterprise access. However, if users want to use their palm at other locations such as Whole Foods Market or Amazon Go stores, they must create an Amazon One profile.

Data management

Q: What user data is collected when an employee enrolls with Amazon One Enterprise?

Amazon One Enterprise stores encrypted palm data and badge ID information for authentication.

Q: How can users delete their data from Amazon One Enterprise systems?

Users can delete their data by using the Unenroll functionality on an Amazon One enrollment device. Unenrolling automatically results in the deletion of a user’s palm biometrics and badge ID information from Amazon One Enterprise systems. Alternately, users can also request deletion of their data by reaching out to their enterprise’s (employer’s) system administrator. The system administrator can manually delete the user’s biometric data through the Enrolled User Management page in the AWS Management Console.

Q: What is the lifecycle of user data?

Amazon One Enterprise ensures that the user is always in control of their data across the following stages:

Enrollment: When a user enrolls, Amazon One Enterprise stores the user’s encrypted palm biometric data and badge ID information. This data is retained until the user unenrolls from Amazon One Enterprise or when the enterprise closes their AWS account. A user’s data will also be automatically deleted from Amazon One Enterprise systems if they do not interact with a device for two years.

Unenrollment: When a user unenrolls, their biometric data and badge ID information is deleted from Amazon One Enterprise systems.

User discontinues employment with enterprise: When a user discontinues employment with an enterprise, the enterprise’s system administrator can delete the user’s data through the Enrolled User Management page on the AWS Management Console to ensure that it is no longer retained within Amazon One Enterprise systems.

End users

Q: How do I enroll with Amazon One Enterprise?

Currently, we support enrollment using employer-provided RFID badges. Please find the enrollment station in your work location. First, scan your badge with the badge reader, which is connected to the enrollment station. Second, hover one or both your palms three inches above the Amazon One device so that it can capture your palm print. Once signed up, you can just hover your palm to authenticate yourself and gain access.

Q: What information does Amazon One Enterprise collect?

Amazon One Enterprise stores your encrypted palm data and badge ID information in a highly secure zone in the AWS Cloud. The secure zone is custom-built for Amazon One Enterprise where a unique collection of palm signatures is created for each individual enterprise.

Q: How do I delete my biometric data?

You can delete your biometric data by using the Unenroll functionality on an Amazon One enrollment device. Unenrolling automatically results in the deletion of your palm biometric data and badge ID information from Amazon One Enterprise systems. Alternately, you can also request deletion of your data by reaching out to your enterprise’s (employer’s) system administrator. The system administrator can manually delete your data using the AWS Management Console.

Q: How long does Amazon One Enterprise retain my palm biometric data?

We will securely store your palm biometric data as long as you’re enrolled with Amazon One Enterprise and employed with the enterprise. If you decide to unenroll, we will permanently delete your palm biometric data from Amazon One Enterprise systems. If you leave your current employer, your enterprise system administrator can permanently delete your data from Amazon One Enterprise systems. Your data will also be automatically deleted if you do not interact with an Amazon One Enterprise device for two years.

Q: If I enroll at an enterprise, can I use my palm for payments at a Whole Foods Market?

No, you will not be able to use your palm to pay at a Whole Foods Market or other Amazon One enabled locations, even if you enroll at an enterprise. This is because, with Amazon One Enterprise, we offer a private collection of palm signatures for each enterprise, resulting in strong data isolation and security. To use your palm at Whole Foods Market stores or other locations, sign up online or visit an Amazon One device at enabled locations.