We, Suprema Inc, hereby, certify that Suprema’s fingerprint terminals extract the fingerprint data points from the raw image and create a template from this data and do not keep the raw image of fingerprints in the device or central server. Templates can be of different types: “ISO 19794-2:2005, ANSI-378 (both being international standards, meaning compatible with other fingerprint vendors) or “Suprema” (proprietary template type that makes it even more secure when used in the system).
* GDPR-ready: BioStation A2, BioStation 2, BioStation L2, BioLite N2, BioEntry W2, BioEntry P2, CoreStation
In order to secure the template protection, cryptographic tools and encryption methods are used such as 256bit AES (in Device) or 256bit AES (in Server), making it very difficult to access the biometric data. Furthermore, TCP communication between devices and central server can be set as “Secure Communication” with the use of TLS 1.2 (including SSL / HTTPS).
- Access on Card (AoC)
In some cases of very-high Security or high-privacy concerns such as the EU GDPR, Suprema Inc also proposes a Fingerprint on Card alternative. This technology, known as Access on Card(AoC) allows to store the fingerprint template information on a Smart Card (HID iCLASS SE, HID Seos, MIFARE Plus, DESFire EV1). With AoC, all the information (data) remains in the secure memory area of the card, encrypted by a site key, using different methods depending on the card type (examples: AES128, DES/3DES, HID) and the cards containing fingerprint information remains in the unique possession of the End-User.
Suprema also proposes the CoreStation, a central biometric controller that removes two potential threats (Privacy / Security). First, by storing fingerprint in the CoreStation itself and not in the front door reader, the fingerprint local database is protected in the secured area side of the building. Second, by using RS485 Secured Connection between CoreStation (master) and fingerprint readers (slaves) with OSDP V2.1.6 (open standard device protocol), there is no need to have a TCP/IP cable at the front door unlike required by most of biometric reader installations. This also removes the threat of using the unsecured “Wiegand” communication line.