From BioStar v2.8, the enhanced Personal Data Encryption is supported to protect the stored data in the server.


Data Encryption translate data into another form such as unreadable characters, so that only people or a system with access to a correct encryption key can read it. It's a security method where information is encoded.


To protect the data stored in the database, we highly recommend to activate the option Encrypt Personal Data On Database.


There are several things to know about the change of BioStar 2.8 or higher version.

Please read careful since it might affect the system operation of the 3rd party DB link.  


Common Case 1. Select a folder to store the encryption key of Personal Data

BioStar 2 v2.8 or higher version allows to select the folder which stores the encryption key during BioStar 2 installation. 

The path can be not updated later.

 


Common Case 2. Please be aware the page 

The system administrator has the responsibility to comply with the applicable laws of each country when using personal information, Biometics data or any other stored material. 


Case 1. Start fresh with a clean installation

Note: The default encryption option of Personal Data on BioStar 2 Database is [USE]. 

If you are considering DB link for ERP system, please consider this part with your system engineer and you can't integrate BioStar 2 DB directly due to the personal data encryption.


The related menu listWhat information encrypted is
USERUser Photo (Profile Image),
User Name,
User Email,
User ID,
Telephone,
Login ID,
Password (Login Password),
User IP,
User Custom Field(For the description, click here),
Card ID,
Credential Info - PIN,
Credential Info
- Fingerprint Template, Face Template
(12 items)
MONITORINGUser Name, User ID, Image Log
TIME ATTENDANCESame as USER menu
Settings>CARD FORMAT>Smart CardThe primary key/secondary key in Smart card layout
Settings>AUDIT TRAILRelated personal data same as USER menu
Settings>TRIGGER & ACTION>BioStar>Action>Send EmailSMTP information, Password, User Name
VISITORRelated personal data same as USER menu


Encryption Methods

Login Password, PIN : SHA-256 Encryption

Others except Login Password and PIN : AES-256 Encryption


You can also check the enabled option to the below part and change the data encryption key.

(Direction: BioStar 2>Settings>Security>Advanced Security Settings>Encrypt Personal Data On Database)


Note: The below information is excepted for Personal Data Encryption.

BioStar 2 AC DB : The User ID 1

BioStar 2 TA DB :  The User IDs for administrator, user operator, monitoring operator, video operator, TA operator, and user operator in Operator Level.


For DB backup and restore instruction, please consider the file of the encryption key.

 The encryption key file located in C:\Program Files\BioStar 2(x64)\util and make a backup DB. 

 

For more details about DB backup and restore, click the below links.

 - [BioStar 2] Database Backup and Restore Instructions (Maria DB)

 - [BioStar 2] MSSQL Database Backup and Restore Instructions




Case 2. Upgrade from the formal version of BioStar 2

Note: BioStar 2 v2.8 or higher version will keep the previous configuration of Personal Data Encryption.  It means the option should be manual enabled by BioStar 2 administrator if you were not using the option Encrypt Personal Data on Database during using the formal version BioStar 2.  If you want to know the default encrypted data information, please click here.


Note: The name of the option Data Encryption was Server & Device Encryption Key manual management in Settings>Server>Advanced security settings on the formal BioStar 2. (v2.6 ~ v2.7.14) 

From BioStar 2 v2.8, the option name is replaced with Encrypt Personal Data on Database and it is re-located in Settings>Security>Advanced security settings


Note: Please read careful since the migration progress will take time if you enable the option of Encrypt Personal Data on Database.  The completion time of data encryption from non-encrypted data to encrypted data depends on the number of user data, log data, image log data, and etc.  This progress is not just chaining a simple configuration because BioStar 2 server will encrypt all personal data in the stored BioStar 2 database server.


How to enable the option [Personal Data Encryption]

1) Go to BioStar 2>Settings>Security>Advanced Security Settings.

 

2) Confirm the option Encrypt Personal Data on Database.


3) Enable the button from [Not use] to [Use] and set the personal data encryption key if you want to have a unique key information. You can enter the personal data encryption key with 32 characters using letters, numbers, and symbols.


4) Confirm the page of data migration as follows. Click [Start] to start Data Encryption.


 5)  Confirm the popup 'Data migration complete'.




Note: The below information is excepted for Personal Data Encryption.

BioStar 2 AC DB : The User ID 1

BioStar 2 TA DB :  The User IDs for administrator, user operator, monitoring operator, video operator, TA operator, and user operator in Operator Level.


For DB backup and restore instruction, please consider the file of the encryption key.

 The encryption key file located in C:\Program Files\BioStar 2(x64)\util and make a backup DB. 

 

For more details about DB backup and restore, click the below links.

 - [BioStar 2] Database Backup and Restore Instructions (Maria DB)

 - [BioStar 2] MSSQL Database Backup and Restore Instructions


Reference

[BioStar 2] Overview of BioStar 2 v2.8 and Cyber Security

[BioStar 2] BioStar 2.8.0 New Features and Configuration Guide


FAQ

Q.1) In case of encryption of the personal data like user name, ID’s and other fields in database, how the database level integration is possible for third party integration?

For DB level integration, we are going to update the explanations how we encrypt and decrypt. But it will take time and we should check further. We will make the technical guidance.


Q.2) Will the new encryption method applied to all field of user information? Including CUSTOM FIELD? Also, can we control which specific field to be encrypted?

The custom field will be encrypted.  But, we do not have the option for the specific field to be encrypted.


Q.3)  Can I encrypt the personal data and then, decrypt it without losing the data?

Yes, with the option(Encrypt Personal Data On Database) of BioStar 2, you can encrypt and decrypt the data without losing the personal data and log. For the items, please refer to the above.