ekey. dein finger. dein schlüssel
Profis / Partner  >  Security

SECURITY

of ekey fingerprint access solutions

 

ekey products guarantee the very highest standard of security against misuse and unauthorized access to the access control system.

During the development, design and production of its products, ekey has considered the following recommendations and guidelines:

  • Recommendations of the German Federal Office for Information Security, www.bsi.bund.de 
  • Recommendations of the VdS (German Association of Insurers) on access control systems, www.vds.de
 

Security features

ekey products have the following security features:

 
  • ekey finger scanners feature a security level against wrong recognition (false acceptance rate) of 1:10 million. This makes them 1,000 times more secure than a 4-digit code. As a result, there is virtually no likelihood of unauthorized access or fingerprint falsification in private or business properties.
    (This goes far beyond the specifications of VDS235+B18 – Section 11.3, which requires >1:100,000.)

  • ekey finger scanners are equipped with a capacitive line sensor. A swiping motion across the sensor is required to register the fingerprint: This means that no fingerprints are left behind on the device, preventing any copying and reproduction.

  • The sensor technology used in ekey finger scanners (RF sensor technology) is able to distinguish between living and dead tissue. Fake finger clones are extremely difficult to create as a result; it would only be possible to do this in a laboratory under perfect conditions and with an outstanding level of specialist knowledge.

  • ekey finger scanners featuring a card reader function as an alternative identification option (by means of RFID transponders) use the secure, encrypted MIFARE DESFire-EV1 technology.
    (This corresponds to the specifications of guideline VDS2358 – Section 11.3 concerning possible variations and copy protection.)

  • Pin codes of between 4 and 8 digits can be used for identification on the ekey keypad (code pad).
    (This corresponds to the specifications of guideline VDS2358 – Section 11.3.)

  • ekey finger scanners feature extraction protection. None of the identification features (minutiae) stored in the finger scanner can be extracted and then processed further.
    (This corresponds to the specifications of guideline VDS2358 – Section 11.4.)

  • It is not possible to reproduce fingerprints from the stored template, as the fingerprint is converted into a binary number code using an in-house-developed algorithm.

  • Power failures do not change the identification features in the memory and do not trigger any opening impulses.
    (This corresponds to the specifications of guideline VDS2358 – Section 13.3.)

  • ekey finger scanners have been developed for use in unprotected outdoor applications as well as in both domestic and business environments.
    (They conform to environmental class IV according to VDS guideline VDS2358.)

  • ekey finger scanners are registration units. The ekey control panel (actuator), featuring a switching relay for controlling the lock mechanism, is separate from the finger scanner and installed in a secure interior (security area).

  • ekey finger scanners and the ekey control panel are connected via an encrypted data connection. Attempts of tampering (such as short-circuiting the connection lines) will not cause the triggering of any opening impulse.

  • ekey finger scanners can only be reset to their factory settings by the administrator. This requires access to the control panel, installed in the secure interior (security area), as well as entry of a security code – which is not possible from the outside.

  • Neither ekey finger scanners nor ekey control panels store any encrypted access authorization data (e.g. a factory code) that would enable the installer or the manufacturer to obtain access without the assistance of the administrator.
    (This corresponds to the specifications of guideline VDS2358 – Section 13.11.)

Data connections to devices and systems located outside the security area feature the following mechanisms for providing protection against tampering:

  • A secure coupling process is used for establishing the connection (e.g. Bluetooth Secure Simple Pairing). A coupling code of at least 6 digits must be used.
  • If an incorrect coupling code is entered 3 times, a time-out is activated.
  • Data transmission is always encrypted.
  • It is not possible to transfer malware to ekey devices via the data connections.
  • It is not possible to replace or to tamper with identification features stored via an interface.
  • Data connections can be deactivated by the administrator, and only the administrator may reactivate them.

Correct access blocking ensures that insurance coverage is in place.

From an insurance perspective, the risk of a burglary taking place is therefore related to whether the door or access equipment is actually locked or not. The question of whether the locking mechanism is actuated using mechanical or electronic means is secondary to this.

In general, access points with electronic locking systems (such as ekey fingerprint access control systems) should always control mechatronic locks that lock securely and independently (such as motorized locks). As a general rule, an access point that does not have a locking mechanism (e.g. a door that only latches or has an electric strike) does not have insurance coverage.

 

 
 
© 2015 ekey biometric systems