Enhance System Security

Configure the security settings of BioStar X according to your organization's security policy. You can selectively set password policy, personal data encryption, communication security between devices, and concurrent access control.

Info

Check your organization's security policy and regulations before enhancing system security.

Use system security

1. Click Settings on the Launcher page.

2. Click System → Security on the left sidebar.

3. Set each item related to security.

   • Login Password: Set the security level related to login password. For more information, refer to the following section.

   • Advanced Security Settings: Enhance communication security between personal information and devices. For more information, refer to the following section.

   • Session Security: Enhance session security. For more information, refer to the following section.

4. Click Apply at the bottom right of the screen to save your settings.

Info

Only the first administrator account with ID 1 can use the Advanced Security Settings menu.

Set password policy

The Login Password section sets the security level related to the login password. Set the password policy according to your organization's security requirements.

Set password complexity

You can set the complexity of user passwords. Adjust the slider for the Password Level option to set the security level.

• Low: You can enter up to 32 characters.

• Medium: When setting a password, a combination of 8 to 32 alphabetic characters (uppercase or lowercase) and numbers is required.

• Strong: When setting a password, a combination of 10 to 32 alphabetic characters (uppercase and lowercase, including at least one uppercase letter), numbers, and special characters is required.

Set password change cycle

To limit the usage period of passwords, toggle the button in the Maximum Password Age option to Active state. Users must change their password periodically as set. If the password change cycle is exceeded, a password change request message will appear during login.

Info

It can be set from 1 to 180 days.

Set login failure limit

You can set the number of allowed password input failures and the login restriction time. If you exceed the number of attempts set in the Maximum Invalid Attempts option, you cannot log in for a limited time after incorrectly entering the password.

Info

This option is activated by default, and login is restricted for 10 minutes after 100 failures. You can adjust the values or disable them as needed.

Set password change limit

To limit the number of password changes a user can make in a day, toggle the button in the Maximum Password Change Limit option to Active state. Users can change the password up to the specified number of times.

Info

It can be set to a maximum of 10 times.

Advanced security settings

In the Advanced Security Settings section, you can enhance personal information and communication security between devices.

Enhance personal data protection

To minimize the risk of data breaches, set the options below to encrypt sensitive personal information.

• Encrypt Personal Data on Database

  • Use: Encrypt and store user personal data, including credential data.

  • Not Use: Store user personal information without encryption. Data that is already encrypted will be stored decrypted, and new data will not be encrypted.

• Personal Data Encryption Key: Used to encrypt or decrypt information stored in the database to securely protect user personal information. Click the Change button and set a new encryption key value. Changing the encryption key re-encrypts the data that was previously encrypted.

Info

• Do not forcefully start the server during the personal data DB encryption or decryption process. Errors such as login failure or data corruption may occur. It may take some time depending on the size of the database and the performance of the server.

  View personal data encryption items

  • Profile image

  • User ID

  • Name

  • Phone number

  • User IP

  • Email information for sender ans recipients

  • Login ID

  • Login password

  • Face template

  • Fingerprint template

  • Card ID

  • Smart card layout key

  • Custom information for user and visitor

  • Image log files

• Personal Data Encryption Key can be entered using alphanumeric characters and symbols for a total of 32 characters.

Set communication security between devices

Set up secure communication between the BioStar X server and access control devices.

• Secure communication with device: Communication between the BioStar X server and access control devices can be protected with certificates. If you set this option to Use, the server automatically generates a certificate to send to the devices, and all communication is encrypted thereafter. Devices can use this certificate to establish a secure channel when exchanging data with the BioStar X server.

  To use external certificates, enable the Use external certificates option and upload the root certificate, public key certificate, and private key file.

  

• Device Hashkey Management: You can redefine the data encryption key and administrator password.

Info

• BioStar X generates or deletes certificates according to the configuration status of device and secure communication settings, and does not recreate the same certificate as before. For example, if the setting of Secure communication with device is changed in the order of Use → Not Use, the created certificate will be deleted automatically. When the setting is changed in the order of Use → Not Use → Use, the operation of Create A certificate → Delete A certificate → Create B certificate is carried out.

• If you set the Secure communication with device option to Not Use while the device is physically separated from the network, the certificate stored in the device will be deleted. In this case, the device cannot be reconnected. To connect it again, the certificate saved in the device must be deleted or the device must be reset to factory default. For more information, refer to the manual of the device.

View supported devices and firmware versions for Secure communication with device feature

• FaceStation 2 FW 1.1.0 or later

• BioStation A2 FW 1.5.0 or later

• BioStation 2 FW 1.6.0 or later

• BioStation L2 FW 1.3.0 or later

• BioLite N2 firmware 1.0.0 or higher

• BioEntry P2 FW 1.1.0 or later

• BioEntry W2 FW 1.2.0 or later

• FaceLite firmware 1.0.0 or higher

• XPass 2 firmware 1.0.0 or higher

• CoreStation FW 1.1.0 or later

• X-Station 2 firmware 1.0.0 or higher

• BioStation 3 firmware 1.0.0 or higher

Concurrent access control

In the Session Security section, you can limit duplicate logins for the same account to enhance security. Set the Simultaneous Connection Allow option to Inactive. When there are concurrent login attempts for the same account, existing users logged in will be logged out.