Access control and time & attendance management systems that use biometrics require proper technology and regulation to prepare for specific security threats. The factors that affect security are interdependent rather than independent, so many resources must be considered together. Suprema's solution offers various methods to provide enhanced security.
Irreversible biometric template protection
Leakage of the real fingerprint or facial images registered for authentication may pose a serious threat to security. Actual images are converted into binary templates by an advanced analysis algorithm, and these templates can never be reversed into a real live image.
Personal data protection
Protecting personal data from malicious attacks and leaks has never been emphasized more than it is today, and regulations all around the world back up its importance. Biometric credentials are considered very sensitive data, but even simple information that can be combined to identify a single individual is considered personal data. All of this data is stored encrypted on the server, the device, or even the card, using AES 256, AES 128, or DES/3DES depending on the storage location.
Communication protection against malware and data breaches
Communication protection using encryption and certificates is applied to all communications used in the system. Server-to-client communication is protected by HTTPS, which can use a trusted CA-signed certificate. Between the server and the device, all communications are encrypted using AES 256, and protection can be enhanced by using TLS 1.2. Serial communication over RS-485 is also encrypted, using AES 128, to meet the requirement that all possible communication be secured. Together, these implementations produce a system that can efficiently defend against malicious attacks and protect all sensitive data.
Physical protection of sensitive data on edge devices
All edge devices produced by Suprema support a security tamper feature that protects stored data from physical threats. If an attacker removes the device from the wall, all stored data and configurations are deleted immediately.
Providing proof of compliance
All activities in the system are recorded from the moment a user logs in to the BioStar 2 platform. Operations are recorded as logs that include the time, the object, and the details of each action in the system.
Authentication for data access
The BioStar 2 platform can faithfully reflect privacy protection and organizational operation requirements. Permission levels for access to personal information can be divided and managed in various ways.