Suprema Webinar: Upcoming Features of BioStar 2 System
This webinar will introduce new firmware features and updates on BioStar 2. Details of each feature will be explained with the background of implementation.
There would be a follow-up session on the latest BioStar 2 release and direction of the upcoming releases.
- Suprema devices support encryption data through migration(upgrading) to the latest version of FW.
* Before upgrade, please backup data to USB or DB. After upgraded, if you downgrade, all data will be deleted and reset the device.
- Sharing the roadmap of BioStar 2 SW.
Please find out the below descriptions, the recorded video file, the Q&A list, and the relevant article links below.
Recorded video file: Click here.
Presentation file: Please find the attached file.
Q&A list: Please find the attached file.
- Updates on Device
- Updates on BioStar 2
Michael Lee, BioStar 2 Product Manager at Suprema HQ
Top 7 Q&A List
Q.1) Could you kindly provide a document stating what are the things to take note, pros & cons when upgrading to the latest firmware?
- For the document, you can find that from the release note. Plus, we will make more technical part by July.
Feature-wise, all the features are available with the latest FW.
If you just talking about security, the device can be used more securely.
The cons, it takes some time for migration, and if you downgrade, all information will be deleted.
Q.2) Is there a way to disable encryption on the latest FW that supports encryption?
- No, we do not have that.
If sure asking to get information through BioStar 2 or and SDK everything will be decrypted sent through the TCP which is also encrypted and you will be able to receive the information so definitely there is no option to turn this off.
Q.3) Does the migration process mean a FW upgrade? Or, is the migration process that we can do whenever we want to enable by running a SW or using an option in the device menu?
- The migration process means that the internal data such as user and log are encrypted from the former version to the recent version. Please refer to the FW list from the below table.
Upgrading FW means you will do the migration process, but this is a one-time thing.
Once you have done migration, and if you go further then there will be no more migration.
[Supported FW list - Enhance Security]
Q.4) What is the impact of BioStar2 when the option "Encrypt personal data on the database" is used while the upgrade and downgrade of device FW?
- There is no impact on this.
The reason is this once even though it stored as encrypted when we communicated through protocol and we have to send data it's decrypted from the device
And its while it seems through TCP/IP in a packet everything is encrypted again using AES 256 or it can use TLS and then once it arrives server it will be decrypted using the key has been exchanged and then when we have to store on the BioStar 2 server depending on the option of using the encryption on the BioStar 2, it will encrypt it again, install on DB or it just store right away.
Q.5) If we decide not to use DB encryption on Biostar v.2.8.x, the upgraded FW devices will still encrypt the data inside their flash memories?
- Yes, that is correct.
Regardless of the software version, once you have the version of firmware that forced encryption, it will be encrypted no matter what.
Q.6) This new APB is enabled and applied to doors without door sensor or one door with a door sensor, while the other is without, how will it operate?
- It's going to be provided as an option.
So, you have to enable the enhanced APB, and it has to have a door sensor.
If it does not have the door sensor, you have to use it with the legacy APB which will be provided as an option.
If you don't have a door sensor, you have to use the original one.
This is an option for the door or its option inside the zone. If you have the door sensor, definitely we recommend using the enhanced version.
Q.7) What encryption type do BioStar 2 and BioStar 2 Device support?
- We are using AES 256 for encryption of general information stored inside the device.
In the case of PIN, SHA 256 is used for encryption.